From 895b5f4885516f10df4504445373e488d551d96c Mon Sep 17 00:00:00 2001
From: Mike Dalessio <mike.dalessio@gmail.com>
Date: Thu, 8 Apr 2021 10:49:18 -0400
Subject: [PATCH] test: actually test against a working unicode-encoded exploit

I'm SMDH at the errors that have propagated in the test strings over
the years.
---
 test/assets/testdata_sanitizer_tests1.dat | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/test/assets/testdata_sanitizer_tests1.dat b/test/assets/testdata_sanitizer_tests1.dat
index c8284dc..b531675 100644
--- a/test/assets/testdata_sanitizer_tests1.dat
+++ b/test/assets/testdata_sanitizer_tests1.dat
@@ -34,11 +34,33 @@
   },
 
   {
+    /* original */
     "name": "div_background_image_unicode_encoded",
     "input": "<div style=\"background-image:\u00a5\u00a2\u006C\u0028'\u006a\u0061\u00a6\u0061\u00a3\u0063\u00a2\u0069\u00a0\u00a4\u003a\u0061\u006c\u0065\u00a2\u00a4\u0028.1027\u0058.1053\u0053\u0027\u0029'\u0029\">foo</div>",
     "output": "<div>foo</div>"
   },
 
+  {
+    /* from https://owasp.org/www-community/xss-filter-evasion-cheatsheet */
+    "name": "div_background_image_unicode_encoded2",
+    "input": "<DIV STYLE=\"background-image:\u0075\u0072\u006C\u0028'\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0061\u006c\u0065\u0072\u0074\u0028.1027\u0058.1053\u0053\u0027\u0029'\u0029\">foo</div>",
+    "output": "<div>foo</div>"
+  },
+
+  {
+    /* uh, fix what appear to be typos that have propagated over the years */
+    "name": "div_background_image_unicode_encoded3",
+    "input": "<DIV STYLE=\"background-image:\u0075\u0072\u006C\u0028'\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0061\u006c\u0065\u0072\u0074\u0028\u0027\u0058\u0053\u0053\u0027\u0029'\u0029\">foo</div>",
+    "output": "<div>foo</div>"
+  },
+
+  {
+    /* and finally a version that has a chance of actually demonstrating a javascript vulnerability */
+    "name": "div_background_image_unicode_encoded4",
+    "input": "<DIV STYLE=\"background-image:\u0075\u0072\u006C\u0028'\u006a\u0061\u0076\u0061\u0073\u0063\u0072\u0069\u0070\u0074\u003a\u0061\u006c\u0065\u0072\u0074\u0028\u0031\u0032\u0033\u0034\u0029'\u0029\">foo</div>",
+    "output": "<div>foo</div>"
+  },
+
   {
     "name": "div_expression",
     "input": "<div style=\"width: expression(alert('XSS'));\">foo</div>",