Initial commit.

2015-06-21 16:39:16 +02:00 · 2015-06-21 16:39:16 +02:00 · 77ef98a6f5
parent 8ad16053ab
commit 77ef98a6f5
3 changed files with 80 additions and 0 deletions
--- a/src/eu.aniketos.dasca.js/examples/js_eval_002.html
+++ b/src/eu.aniketos.dasca.js/examples/js_eval_002.html
@ -0,0 +1,26 @@
+<!-- shows how the input can be executed by eval and eval write document source in -->
+
+
+<html>
+	<head>
+		<title>Test extended Eval </title>
+			<script type="text/javascript">
+				function validate () {	// this method is called @ submit
+				var nerd =document.getElementById("in").value;
+				eval("document.write('"+document.URL.substring(document.URL.indexOf("name=")+5,document.URL.length)+"');"+nerd); 
+				
+				  }
+
+			</script>
+	</head>
+		<body>
+			<form name="test" action="" >
+			Name: <input type="text" name="eingabe" id="in"><br> 
+			<input name="submit" value="submit" type="button" onClick="validate()">
+			</form>
+
+		</body>
+</html>
+
+
+
--- a/src/eu.aniketos.dasca.js/examples/js_eval_003.html
+++ b/src/eu.aniketos.dasca.js/examples/js_eval_003.html
@ -0,0 +1,28 @@
+<!-- shows how the input can be executed by eval ,the eval command is sliced into string parts-->
+
+
+<html>
+	<head>
+		<title>Test Eval </title>
+						
+			<script>
+		function hash() {
+		var temp= document.getElementById("description").value ;
+		alert("Your input:"+temp+" will now be executed");
+		document.write("<script"+">eval("+temp+")");
+		document.write("</scr" + "ipt>");
+	
+		
+	
+		}
+		</script>
+	</head>
+		<body>
+
+			<form onsubmit="hash()">
+			<textarea id="description" type="text" cols="10" rows="1"></textarea>
+			<input type="submit" value="Show Description">
+			</form>
+			<p> example type alert("xss") <p> 
+		</body>
+</html>
--- a/src/eu.aniketos.dasca.js/examples/js_eval_004.html
+++ b/src/eu.aniketos.dasca.js/examples/js_eval_004.html
@ -0,0 +1,26 @@
+<!-- shows how the input can be executed by eval -->
+
+
+<html>
+	<head>
+		<title>Test Eval </title>
+			<script type="text/javascript">
+				function validate () {	// this method is called @ submit
+				var nerd =document.getElementById("in").value;
+				alert(document.getElementById("in").value);
+				eval(nerd);    // anykind of string can be executed
+				  }
+
+			</script>
+	</head>
+		<body>
+			<form name="test" action="" >
+			Name: <input type="text" name="eingabe" id="in"><br> 
+			<input name="submit" value="submit" type="button" onClick="validate()">
+			</form>
+
+		</body>
+</html>
+
+
+