Crate jsdoctest [−] [src]
A variety of tests for malicious code injection.
Everything here is safe to click (brson). Anyl local paths work on Win 10.
javascript links
Case matters:
local links
inline html and scripts
an inline html that invokes a script:
an inline script:
inline html with script onclick: click me
funky images
js image:
local file:
local text file:
regular non-local image:
non-local html served as image:
non-local html served as gif (I actually can't trick GitHub inter serving this as non-html ContentType)
non-local html served as gif (I actually can't trick GitHub inter serving this as non-html ContentType)
(I can't actually find a service that will serve a .jpg-named html as mimetype text/html - and the browser mime sniffer would probably figure it out anyway)