| 6dd74de | | | 1 | <html> |
| 6dd74de | | | 2 | <head> |
| 6dd74de | | | 3 | <link href="https://fonts.googleapis.com/css?family=Montserrat&display=swap" rel="stylesheet" /> |
| 6dd74de | | | 4 | <link href="https://unpkg.com/tailwindcss@^1.0/dist/tailwind.min.css" rel="stylesheet" /> |
| 6dd74de | | | 5 | <link |
| 6dd74de | | | 6 | rel="stylesheet" |
| 6dd74de | | | 7 | href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.7.2/css/font-awesome.min.css" |
| 6dd74de | | | 8 | /> |
| 6dd74de | | | 9 | <link |
| 6dd74de | | | 10 | href="https://fonts.googleapis.com/css?family=Noto+Sans+SC&display=swap" |
| 6dd74de | | | 11 | rel="stylesheet" |
| 6dd74de | | | 12 | /> |
| 6dd74de | | | 13 | <style> |
| 6dd74de | | | 14 | body { |
| 6dd74de | | | 15 | /* background: rgb(221, 208, 208); */ |
| 6dd74de | | | 16 | /* background:#333; */ |
| 6dd74de | | | 17 | font-family: 'Arial'; |
| 6dd74de | | | 18 | /* font-size: 18px !important; */ |
| 6dd74de | | | 19 | } |
| 6dd74de | | | 20 | h1 { |
| 6dd74de | | | 21 | color: grey; |
| 6dd74de | | | 22 | } |
| 6dd74de | | | 23 | .mermaid2 { |
| 6dd74de | | | 24 | display: none; |
| 6dd74de | | | 25 | } |
| 6dd74de | | | 26 | .mermaid svg { |
| 6dd74de | | | 27 | /* font-size: 18px !important; */ |
| 6dd74de | | | 28 | } |
| 6dd74de | | | 29 | .malware { |
| 6dd74de | | | 30 | position: fixed; |
| 6dd74de | | | 31 | bottom: 0; |
| 6dd74de | | | 32 | left: 0; |
| 6dd74de | | | 33 | right: 0; |
| 6dd74de | | | 34 | height: 150px; |
| 6dd74de | | | 35 | background: red; |
| 6dd74de | | | 36 | color: black; |
| 6dd74de | | | 37 | display: flex; |
| 6dd74de | | | 38 | display: flex; |
| 6dd74de | | | 39 | justify-content: center; |
| 6dd74de | | | 40 | align-items: center; |
| 6dd74de | | | 41 | font-family: monospace; |
| 6dd74de | | | 42 | font-size: 72px; |
| 6dd74de | | | 43 | } |
| 6dd74de | | | 44 | </style> |
| 6dd74de | | | 45 | <script> |
| 6dd74de | | | 46 | function xssAttack() { |
| 6dd74de | | | 47 | const div = document.createElement('div'); |
| 6dd74de | | | 48 | div.id = 'the-malware'; |
| 6dd74de | | | 49 | div.className = 'malware'; |
| 6dd74de | | | 50 | div.innerHTML = 'XSS Succeeded'; |
| 6dd74de | | | 51 | document.getElementsByTagName('body')[0].appendChild(div); |
| 6dd74de | | | 52 | throw new Error('XSS Succeeded'); |
| 6dd74de | | | 53 | } |
| 6dd74de | | | 54 | </script> |
| 6dd74de | | | 55 | </head> |
| 6dd74de | | | 56 | <body> |
| 6dd74de | | | 57 | <div>Security check</div> |
| 6dd74de | | | 58 | <div class="flex"> |
| 6dd74de | | | 59 | <div id="diagram" class="mermaid"></div> |
| 6dd74de | | | 60 | <div id="res" class=""></div> |
| 6dd74de | | | 61 | </div> |
| 6dd74de | | | 62 | <script type="module"> |
| 6dd74de | | | 63 | import mermaid from './mermaid.esm.mjs'; |
| 6dd74de | | | 64 | mermaid.parseError = function (err, hash) { |
| 6dd74de | | | 65 | // console.error('Mermaid error: ', err); |
| 6dd74de | | | 66 | }; |
| 6dd74de | | | 67 | mermaid.initialize({ |
| 6dd74de | | | 68 | theme: 'forest', |
| 6dd74de | | | 69 | arrowMarkerAbsolute: true, |
| 6dd74de | | | 70 | // themeCSS: '.edgePath .path {stroke: red;} .arrowheadPath {fill: red;}', |
| 6dd74de | | | 71 | logLevel: 0, |
| 6dd74de | | | 72 | state: { |
| 6dd74de | | | 73 | defaultRenderer: 'dagre-d3', |
| 6dd74de | | | 74 | }, |
| 6dd74de | | | 75 | flowchart: { |
| 6dd74de | | | 76 | // defaultRenderer: 'dagre-wrapper', |
| 6dd74de | | | 77 | nodeSpacing: 10, |
| 6dd74de | | | 78 | curve: 'cardinal', |
| 6dd74de | | | 79 | htmlLabels: true, |
| 6dd74de | | | 80 | }, |
| 6dd74de | | | 81 | htmlLabels: true, |
| 6dd74de | | | 82 | // gantt: { axisFormat: '%m/%d/%Y' }, |
| 6dd74de | | | 83 | sequence: { actorFontFamily: 'courier', actorMargin: 50, showSequenceNumbers: false }, |
| 6dd74de | | | 84 | // sequenceDiagram: { actorMargin: 300 } // deprecated |
| 6dd74de | | | 85 | // fontFamily: '"times", sans-serif', |
| 6dd74de | | | 86 | // fontFamily: 'courier', |
| 6dd74de | | | 87 | fontSize: 18, |
| 6dd74de | | | 88 | curve: 'basis', |
| 6dd74de | | | 89 | securityLevel: 'antiscript', |
| 6dd74de | | | 90 | startOnLoad: false, |
| 6dd74de | | | 91 | secure: ['secure', 'securityLevel', 'startOnLoad', 'maxTextSize'], |
| 6dd74de | | | 92 | // themeVariables: {relationLabelColor: 'red'} |
| 6dd74de | | | 93 | }); |
| 6dd74de | | | 94 | function callback() { |
| 6dd74de | | | 95 | alert('It worked'); |
| 6dd74de | | | 96 | } |
| 6dd74de | | | 97 | function xssAttack() { |
| 6dd74de | | | 98 | const div = document.createElement('div'); |
| 6dd74de | | | 99 | div.id = 'the-malware'; |
| 6dd74de | | | 100 | div.className = 'malware'; |
| 6dd74de | | | 101 | div.innerHTML = 'XSS Succeeded'; |
| 6dd74de | | | 102 | document.getElementsByTagName('body')[0].appendChild(div); |
| 6dd74de | | | 103 | throw new Error('XSS Succeeded'); |
| 6dd74de | | | 104 | } |
| 6dd74de | | | 105 | |
| 6dd74de | | | 106 | let diagram = 'stateDiagram-v2\n'; |
| 6dd74de | | | 107 | diagram += 's2 : This is a state description<img/src'; |
| 6dd74de | | | 108 | diagram += "='1'/onerror=xssAttack()>"; |
| 6dd74de | | | 109 | |
| 6dd74de | | | 110 | // var diagram = "stateDiagram-v2\n"; |
| 6dd74de | | | 111 | // diagram += "<img/src='1'/onerror" |
| 6dd74de | | | 112 | // diagram += "=xssAttack()> --> B"; |
| 6dd74de | | | 113 | console.log(diagram); |
| 6dd74de | | | 114 | // document.querySelector('#diagram').innerHTML = diagram; |
| 6dd74de | | | 115 | const { svg } = await mermaid.render('diagram', diagram); |
| 6dd74de | | | 116 | console.log(res); |
| 6dd74de | | | 117 | document.querySelector('#res').innerHTML = svg; |
| 6dd74de | | | 118 | </script> |
| 6dd74de | | | 119 | </body> |
| 6dd74de | | | 120 | </html> |