jonashaag · November 26, 2017 20:18
diff --git a/escape.js b/escape.js
 const alph = [
  'a', '\'', '"', '&', '<', '>', '<!', '<!-', '<!--', ' ', '-', '--', '-->', '</script', '<script>', '/', '\\',
  '< /script', '</ script', '< script>', '&quot', '&quot;', '&lt', '&lt;', '&gt', '&gt;'
 ]

 const randint = (min, max) => parseInt(Math.random() * (max - min)) + min

 const randletter = () => alph[randint(0, alph.length)]

 const html4 = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">'

 let frames = Array.prototype.slice.call(document.querySelectorAll('iframe'))
 // 100 test runs
 for (let i = 0; i < 100; ++i) {
  if (i % 100 === 0) console.log(i)
  const n = randint(1, 10)
  // concatenation of 1-10 "letters" per run
  const content = []
  for (let j = 0; j < n; ++j) {
    const l = randletter()
    if (l.length > 1 && randint(0, 10) === 0) {
      // Sometimes also insert random inside multi-letter "letters", i.e.
      // </script --> <a/script
      const splitPos = randint(0, l.length)
      content.push(l.substring(0, splitPos) + randletter() + l.substring(splitPos + 1))
    } else {
      content.push(l)
    }
  }
  // " replaced because of <script type=text/javascript> cross-test;
  // remove if only testing <script type=application/js>
  const contentj = content.join('').replace(/</g, '\\u003C').replace(/"/g, '')
  if (contentj.endsWith('\\')) {
    // Can't cross test these with <script type=text/javascript> tags because they escape the trailing "
    continue
  }
  const html = [
    `<script id="test" type="application/json">${contentj}</script>`,
    `<script id="test" type="text/javascript">"${contentj}"</script>`
  ]

  // Recreate iframes
  const frames2 = frames.map(() => document.createElement('iframe'))
  frames.map((f, i) => f.replaceWith(frames2[i]))
  frames = frames2
  frames.map((f, i) => f.contentDocument.write(html4 + html[i]))

  const actual0 = frames[0].contentDocument.querySelector('#test').textContent
  const actual1 = frames[1].contentDocument.querySelector('#test').textContent
  if (actual0 !== contentj) {
    console.log([0, contentj, actual0])
  }
  if (actual1 !== `"${contentj}"`) {
    console.log([1, contentj, actual1])
  }
  if (`"${actual0}"` !== actual1) {
    console.log(['diff', actual0, actual1])
  }
 }

 console.log('done')
	const alph = [
	'a', '\'', '"', '&', '<', '>', '<!', '<!-', '<!--', ' ', '-', '--', '-->', '</script', '<script>', '/', '\\',
	'< /script', '</ script', '< script>', '&quot', '"', '&lt', '<', '&gt', '>'
	]

	const randint = (min, max) => parseInt(Math.random() * (max - min)) + min

	const randletter = () => alph[randint(0, alph.length)]

	const html4 = '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">'

	let frames = Array.prototype.slice.call(document.querySelectorAll('iframe'))
	// 100 test runs
	for (let i = 0; i < 100; ++i) {
	if (i % 100 === 0) console.log(i)
	const n = randint(1, 10)
	// concatenation of 1-10 "letters" per run
	const content = []
	for (let j = 0; j < n; ++j) {
	const l = randletter()
	if (l.length > 1 && randint(0, 10) === 0) {
	// Sometimes also insert random inside multi-letter "letters", i.e.
	// </script --> <a/script
	const splitPos = randint(0, l.length)
	content.push(l.substring(0, splitPos) + randletter() + l.substring(splitPos + 1))
	} else {
	content.push(l)
	}
	}
	// " replaced because of <script type=text/javascript> cross-test;
	// remove if only testing <script type=application/js>
	const contentj = content.join('').replace(/</g, '\\u003C').replace(/"/g, '')
	if (contentj.endsWith('\\')) {
	// Can't cross test these with <script type=text/javascript> tags because they escape the trailing "
	continue
	}
	const html = [
	`<script id="test" type="application/json">${contentj}</script>`,
	`<script id="test" type="text/javascript">"${contentj}"</script>`
	]

	// Recreate iframes
	const frames2 = frames.map(() => document.createElement('iframe'))
	frames.map((f, i) => f.replaceWith(frames2[i]))
	frames = frames2
	frames.map((f, i) => f.contentDocument.write(html4 + html[i]))

	const actual0 = frames[0].contentDocument.querySelector('#test').textContent
	const actual1 = frames[1].contentDocument.querySelector('#test').textContent
	if (actual0 !== contentj) {
	console.log([0, contentj, actual0])
	}
	if (actual1 !== `"${contentj}"`) {
	console.log([1, contentj, actual1])
	}
	if (`"${actual0}"` !== actual1) {
	console.log(['diff', actual0, actual1])
	}
	}

	console.log('done')
No results found