• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1Parsing test.cs
2
3Start of File
4
5
6  Blah == wow
7
8
9
10
11
12
13wow (true)
14
15
16
17  This is True
18
19
20
21
22
23  wow
24
25
26
27I'm in test2.cs
28
29
30wow2
31
32
33I'm in test2.cs
34
35
36wow2
37
38
39escape: not used
40UrlArg: Secret Password~!@#$%^&*()+=-_|\[]{}:";'<>,.?
41BlahJs: quote ' backslash \ semicolon ; end tag </script>
42Title:  </title><script>alert(1)</script>
43
44
45escape: none
46UrlArg: Secret Password~!@#$%^&*()+=-_|\[]{}:";'<>,.?
47BlahJs: quote ' backslash \ semicolon ; end tag </script>
48Title:  </title><script>alert(1)</script>
49
50
51
52escape: html
53UrlArg: Secret Password~!@#$%^&amp;*()+=-_|\[]{}:&quot;;&#39;&lt;&gt;,.?
54BlahJs: quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
55Title:  &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
56
57
58
59escape: js
60UrlArg: Secret Password~!@#$%^\x26*()+=-_|\x5C[]{}:\x22\x3B\x27\x3C\x3E,.?
61BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
62Title:  \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3E
63
64
65
66escape: url
67UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
68BlahJs: quote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
69Title:  %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E
70
71
72
73Nested escaping: html
74The internal calls should take precedence
75url  -> UrlArg: Secret+Password%7E!%40%23%24%25%5E%26*()%2B%3D-_%7C%5C%5B%5D%7B%7D%3A%22%3B%27%3C%3E%2C.%3F
76js   -> BlahJs: quote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
77html -> Title:  &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
78
79
80Defining the macro echo_all inside of a "html" escape.
81
82
83Calling echo_all() macro:
84
85not used: </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
86none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
87url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
88js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
89html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
90
91
92
93Calling echo_all() macro from within "html":
94
95not used: &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
96none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
97url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
98js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
99html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
100
101
102
103
104Calling echo_all() macro from within "js":
105
106not used: \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
107none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
108url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
109js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
110html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
111
112
113
114
115Calling echo_all() macro from within "url":
116
117not used: %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
118none:     </title><script>alert(1)</script>quote ' backslash \ semicolon ; end tag </script>
119url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3Equote+%27+backslash+%5C+semicolon+%3B+end+tag+%3C%2Fscript%3E
120js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3Equote \x27 backslash \x5C semicolon \x3B end tag \x3C\x2Fscript\x3E
121html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;quote &#39; backslash \ semicolon ; end tag &lt;/script&gt;
122
123
124
125
126not used: &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
127none:     </title><script>alert(1)</script>
128url:      %3C%2Ftitle%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E
129js:       \x3C\x2Ftitle\x3E\x3Cscript\x3Ealert(1)\x3C\x2Fscript\x3E
130html:     &lt;/title&gt;&lt;script&gt;alert(1)&lt;/script&gt;
131
132
133
134  x = zero
135  x.num = #0
136
137
138  This is True.
139
140wow
141
142  x = one
143  x.num =
144
145
146  This is True.
147
148wow
149
150  x = two
151  x.num = #2
152
153
154  This is True.
155
156wow
157
158  x = three
159  x.num =
160
161
162  This is True.
163
164wow
165
166
167
168
169  This is False.
170
171
172
173  Outside 0
174
175    Inside = 0
176
177    Inside = 1
178
179
180  Outside 1
181
182    Inside = 2
183
184    Inside = 3
185
186
187  Outside 2
188
189    Inside = 2
190
191    Inside = 3
192
193
194  Outside 3
195
196
197
198
199  TestIf == 0
200
201
202
203Correct, "1" == "1"
204
205
206
207
208between comments
209
210
211
212More?
213