-
Notifications
You must be signed in to change notification settings - Fork 3.9k
/
Copy pathurls.html
104 lines (101 loc) · 5.96 KB
/
urls.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
<!--
Test Description:
This tests looks at specific errors related to URLs in href and src
attributes.
-->
<!doctype html>
<html ⚡>
<head>
<meta charset="utf-8">
<link rel="canonical" href="javascript://llamas">
<meta name="viewport" content="width=device-width,initial-scale=1,minimum-scale=1,maximum-scale=1,user-scalable=no,minimal-ui">
<style amp-boilerplate>body{-webkit-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-moz-animation:-amp-start 8s steps(1,end) 0s 1 normal both;-ms-animation:-amp-start 8s steps(1,end) 0s 1 normal both;animation:-amp-start 8s steps(1,end) 0s 1 normal both}@-webkit-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-moz-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-ms-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@-o-keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}@keyframes -amp-start{from{visibility:hidden}to{visibility:visible}}</style><noscript><style amp-boilerplate>body{-webkit-animation:none;-moz-animation:none;-ms-animation:none;animation:none}</style></noscript>
<script src="https://cdn.ampproject.org/v0.js" async></script>
<script async custom-element="amp-ad" src="https://cdn.ampproject.org/v0/amp-ad-0.1.js"></script>
<script async custom-element="amp-video" src="https://cdn.ampproject.org/v0/amp-video-0.1.js"></script>
</head>
<body>
<a href="https://google.com/">Valid URL</a>
<a href=" http://google.com/ ">Valid URL</a>
<a href="foo">Valid URL</a>
<a href="/bar">Valid URL</a>
<a href="#foobar">Valid URL</a>
<a href="https://⚡">Valid URL</a>
<a href="https://">Valid URL</a>
<a href="HtTpS://Google.com/">Valid URL</a>
<a href="javascript:alert('boo')">Invalid protocol</a>
<a href="JavaScript:alert('boo')">Invalid protocol</a>
<a href="javascript:alert(1)">Invalid protocol</a>
<a href="vbscript:bar">Invalid protocol</a>
<a href="data:baz">Invalid protocol</a>
<a href="ftp://google.com/">Valid protocol</a>
<!-- invalid (javascript is not an allowed protocol: singluar src element) -->
<amp-img srcset="javascript:alert(1)" layout="fill"></amp-img>
<!-- invalid (javascript is not an allwoed protocol: second src element) -->
<amp-img srcset="image-1.png 1x, javascript:alert(1)" layout="fill"></amp-img>
<!-- valid -->
<amp-img srcset="image-1x.png 1x, image-2x.png 2x" layout="fill"></amp-img>
<!-- valid -->
<amp-img srcset="image-1x.png 1x, image-2x.png 2x," layout="fill"></amp-img>
<!-- valid (commas are valid in URLs) -->
<amp-img srcset="image-1,x.png 1x, image-2,x.png 2x" layout="fill"></amp-img>
<!-- invalid (javascript is not an allowed protocol: multi src element) -->
<amp-img srcset="javascript:alert('boo') 1x, foo 2x" layout="fill"></amp-img>
<!-- invalid (javascript is not an allowed protocol: case insensitive) -->
<amp-img srcset="image-1x.png 1x, JavaScript:baz 2x" layout="fill"></amp-img>
<!-- invalid (empty) -->
<amp-img srcset="" layout="fill"></amp-img>
<!-- invalid (duplicate pixel density) -->
<amp-img srcset="image-1x.png 1x, image-2x.png 1x" layout="fill"></amp-img>
<!-- invalid (URL has spaces that are not encoded) -->
<amp-img srcset="image 1x.png 1x, image 2x.png 2x" layout="fill"></amp-img>
<!-- valid (URL has encoded spaces) -->
<amp-img srcset=", image%201x.png 1x, image%202x.png 2x" layout="fill"></amp-img>
<a href="http://foobarbazexample.com\x10.com/">Interesting Case</a>
<!-- Missing src -->
<amp-ad src="" width="42" height="42" type=""></amp-ad>
<amp-anim src="" width="42" height="42"></amp-anim>
<amp-audio src="" layout="fixed" width="42"></amp-audio>
<amp-iframe src="" width="42" height="42"></amp-iframe>
<amp-img src="" layout="responsive" width="42" height="42"></amp-img>
<amp-pixel src="" layout="fixed" width="42"></amp-pixel>
<amp-video src="" width="42" height="42"></amp-video>
<!-- src contains only whitespace: regular space followed by non-breaking
space followed by tab. -->
<amp-ad src=" " width="42" height="42" type=""></amp-ad>
<!-- Invalid protocol -->
<amp-ad src="http://amp-ad" width="42" height="42" type=""></amp-ad>
<amp-iframe src="http://amp-iframe" width="42" height="42"></amp-iframe>
<amp-pixel src="http://amp-pixel" layout="fixed" width="42"></amp-pixel>
<amp-video src="http://amp-video" width="42" height="42"></amp-video>
<a href=" j a v a s c r i p t :alert(1)">Invalid protocol</a>
<!-- Valid ipv6 addresses -->
<a href="https://[2001:0db8::85a3]/">Valid</a>
<a href="https://[::1]/">Valid</a>
<a href="https://[0:0:0:0:0:0:0:1]/">Valid</a>
<a href="https://[0:0:0:0:0:0:8.8.8.8]/">Valid</a>
<a href="https://[0:0:0:0:0:0:8.124.8.8]/">Valid</a>
<a href="https://[0:0:0:0:0:0:8.8.8.22]/">Valid</a>
<a href="https://[::8.8.8.8]/">Valid</a>
<!-- Invalid ipv6 addresses -->
<a href="https://[2001:0db8:85a3]/">Invalid</a>
<a href="https://[20012:0db8::85a3]/">Invalid</a>
<a href="https://[200g:0db8:85a3]/">Invalid</a>
<a href="https://[:::1]/">Invalid</a>
<a href="https://[0:0:0:0:0:0:1]/">Invalid</a>
<a href="https://[0:0:0:0:0:0:0:0:1]/">Invalid</a>
<a href="https://[0:0:0:0:0:0:0:8.8.8.8]/">Invalid</a>
<a href="https://[0:0:0:0:0:8.8.8.8]/">Invalid</a>
<a href="https://[0:0:0:0:0:8.8.8.8:1]/">Invalid</a>
<!-- __amp_source_origin is not an allowed value for URLs. -->
<a href="__amp_source_origin">uhm, no</a>
<amp-ad src="__amp_source_origin" width="42" height="42" type=""></amp-ad>
<amp-anim src="__amp_source_origin" width="42" height="42"></amp-anim>
<amp-audio src="__amp_source_origin" layout="fixed" width="42"></amp-audio>
<amp-iframe src="__amp_source_origin" width="42" height="42"></amp-iframe>
<amp-img src="__amp_source_origin" layout="responsive" width="42" height="42"></amp-img>
<amp-pixel src="__amp_source_origin" layout="fixed" width="42"></amp-pixel>
<amp-video src="__amp_source_origin" width="42" height="42"></amp-video>
<amp-video src="%5f_amp_source%5forigin" width="42" height="42"></amp-video>
</body>
</html>