markdown-it/test/fixtures/remarkable/xss.txt

.
[normal link](javascript)
.
<p><a href="javascript">normal link</a></p>
.


Should not allow some protocols in links and images

.
[xss link](javascript:alert(1))

[xss link](JAVASCRIPT:alert(1))

[xss link](vbscript:alert(1))

[xss link](VBSCRIPT:alert(1))

[xss link](file:///123)
.
<p>[xss link](javascript:alert(1))</p>
<p>[xss link](JAVASCRIPT:alert(1))</p>
<p>[xss link](vbscript:alert(1))</p>
<p>[xss link](VBSCRIPT:alert(1))</p>
<p>[xss link](file:///123)</p>
.


.
[xss link](&#34;&#62;&#60;script&#62;alert&#40;&#34;xss&#34;&#41;&#60;/script&#62;)
.
<p><a href="%22%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E">xss link</a></p>
.

.
[xss link](<javascript:alert(1)>)
.
<p>[xss link](&lt;javascript:alert(1)&gt;)</p>
.

.
[xss link](javascript&#x3A;alert(1))
.
<p>[xss link](javascript:alert(1))</p>
.


Image parser use the same code base.

.
![xss link](javascript:alert(1))
.
<p>![xss link](javascript:alert(1))</p>
.


Autolinks

.
<javascript&#x3A;alert(1)>

<javascript:alert(1)>
.
<p>&lt;javascript:alert(1)&gt;</p>
<p>&lt;javascript:alert(1)&gt;</p>
.


Linkifier

.
javascript&#x3A;alert(1)

javascript:alert(1)
.
<p>javascript:alert(1)</p>
<p>javascript:alert(1)</p>
.
more fixes in link protocols check 10 years ago			`.`
			`[normal link](javascript)`
			`.`
			`<p><a href="javascript">normal link</a></p>`
			`.`



Improved prohibited protocols check in links 10 years ago			`Should not allow some protocols in links and images`

			`.`
			`[xss link](javascript:alert(1))`
Better error handling in link normalizer + more tests for edge cases 10 years ago
			`[xss link](JAVASCRIPT:alert(1))`

			`[xss link](vbscript:alert(1))`

			`[xss link](VBSCRIPT:alert(1))`

			`[xss link](file:///123)`
Improved prohibited protocols check in links 10 years ago			`.`
			`<p>[xss link](javascript:alert(1))</p>`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<p>[xss link](JAVASCRIPT:alert(1))</p>`
			`<p>[xss link](vbscript:alert(1))</p>`
			`<p>[xss link](VBSCRIPT:alert(1))</p>`
			`<p>[xss link](file:///123)</p>`
Improved prohibited protocols check in links 10 years ago			`.`

Better error handling in link normalizer + more tests for edge cases 10 years ago
Improved prohibited protocols check in links 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`[xss link]("><script>alert("xss")</script>)`
Improved prohibited protocols check in links 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<p><a href="%22%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E">xss link</a></p>`
Improved prohibited protocols check in links 10 years ago			`.`

			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`[xss link](<javascript:alert(1)>)`
Improved prohibited protocols check in links 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<p>[xss link](<javascript:alert(1)>)</p>`
Improved prohibited protocols check in links 10 years ago			`.`

			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`[xss link](javascript:alert(1))`
Improved prohibited protocols check in links 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<p>[xss link](javascript:alert(1))</p>`
Improved prohibited protocols check in links 10 years ago			`.`

Better error handling in link normalizer + more tests for edge cases 10 years ago
			`Image parser use the same code base.`

more fixes in link protocols check 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`![xss link](javascript:alert(1))`
more fixes in link protocols check 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<p>![xss link](javascript:alert(1))</p>`
more fixes in link protocols check 10 years ago			`.`


Better error handling in link normalizer + more tests for edge cases 10 years ago			`Autolinks`

Improved prohibited protocols check in links 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<javascript:alert(1)>`

			`<javascript:alert(1)>`
Improved prohibited protocols check in links 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<p><javascript:alert(1)></p>`
			`<p><javascript:alert(1)></p>`
Improved prohibited protocols check in links 10 years ago			`.`
Enabled pending test 10 years ago

Better error handling in link normalizer + more tests for edge cases 10 years ago			`Linkifier`
Enabled pending test 10 years ago
			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`javascript:alert(1)`

			`javascript:alert(1)`
Enabled pending test 10 years ago			`.`
Better error handling in link normalizer + more tests for edge cases 10 years ago			`<p>javascript:alert(1)</p>`
			`<p>javascript:alert(1)</p>`
Enabled pending test 10 years ago			`.`