cs/test_escape.cs.gold - platform/external/clearsilver - Git at Google

 Parsing test_escape.cs
 escape: not used
 UrlArg: Secret Password~!@#$%^&*()+=-_|\[]{}:";'<>,.?
 BlahJs: quote ' backslash \ semicolon ; end tag </script>
 Title:  </title><script>alert(1)</script>


 escape: none
 UrlArg: Secret Password~!@#$%^&*()+=-_|\[]{}:";'<>,.?
 BlahJs: quote ' backslash \ semicolon ; end tag </script>
 Title:  </title><script>alert(1)</script>


 escape: html
 UrlArg: Secret Password~!@#$%^&amp;*()+=-_|\[]{}:&quot;;&#39;&lt;&gt;,.?
 BlahJs: quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
 Title:  &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;


 escape: js
 UrlArg: Secret Password~!@#$%^\x26*()+=-_|\x5C[]{}:\x22\x3B\x27\x3C\x3E,.?
 BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
 Title:  \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3E


 escape: url
 UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
 BlahJs: quote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
 Title:  %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E


 Nested escaping: html
 The internal calls should take precedence
 url  -> UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
 js   -> BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
 html -> Title:  &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;


 Defining the macro echo_all inside of a "html" escape.


 Calling echo_all() macro:

 not used: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;


 Calling echo_all() macro from within "html":

 not used: &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;


 Calling echo_all() macro from within "js":

 not used: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;


 Calling echo_all() macro from within "url":

 not used: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
 none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
 url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
 js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
 html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
	Parsing test_escape.cs
	escape: not used
	UrlArg: Secret Password~!@#$%^&*()+=-_\|\[]{}:";'<>,.?
	BlahJs: quote ' backslash \ semicolon ; end tag </script>
	Title: </title><script>alert(1)</script>


	escape: none
	UrlArg: Secret Password~!@#$%^&*()+=-_\|\[]{}:";'<>,.?
	BlahJs: quote ' backslash \ semicolon ; end tag </script>
	Title: </title><script>alert(1)</script>



	escape: html
	UrlArg: Secret Password~!@#$%^&*()+=-_\|\[]{}:";'<>,.?
	BlahJs: quote ' backslash \ semicolon ; end tag </script>
	Title: </title><script>alert(1)</script>



	escape: js
	UrlArg: Secret Password~!@#$%^\x26*()+=-_\|\x5C[]{}:\x22\x3B\x27\x3C\x3E,.?
	BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
	Title: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3E



	escape: url
	UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
	BlahJs: quote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
	Title: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E



	Nested escaping: html
	The internal calls should take precedence
	url -> UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
	js -> BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
	html -> Title: </title><script>alert(1)</script>


	Defining the macro echo_all inside of a "html" escape.


	Calling echo_all() macro:

	not used: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
	none: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
	url: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
	js: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
	html: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>



	Calling echo_all() macro from within "html":

	not used: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
	none: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
	url: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
	js: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
	html: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>




	Calling echo_all() macro from within "js":

	not used: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
	none: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
	url: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
	js: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
	html: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>




	Calling echo_all() macro from within "url":

	not used: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
	none: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
	url: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
	js: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
	html: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>