1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35
/// I'm trying to XSS in documentation /// <script> /// alert(String.fromCharCode(73, 110, 106, 101, 99, 116, 101, 100, 32, 102, 114, 111, 109, 32, 115, 99, 114, 105, 112, 116, 32, 116, 97, 103, 32, 111, 110, 32, 100, 111, 99, 117, 109, 101, 110, 116, 97, 116, 105, 111, 110)); /// </script> /// /// Try to hover this image /// <img src="//goo.gl/9dnY2K" onmouseover="alert('Injected from img tag in documentation')"> /// /// Try to execute javascript in src attr from image /// <img src="javascript:void(alert('Injected from img with poisoned src'))"> /// /// ### <a name="anchor" onclick="alert('Injected from the anchor element in documentation')">Try to click this anchor</a> /// Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod /// tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, /// quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo /// consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse /// cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non /// proident, sunt in culpa qui officia deserunt mollit anim id est laborum. pub fn slice_to_hex(slice: &[u8]) -> String { let mut result = String::new(); for byte in slice { result.push_str(&format!("{:x}", byte)); } result } #[cfg(test)] mod tests { #[test] fn it_works() { assert_eq!(2 + 2, 4); } }