模块:Deep2 AddWarning
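--- Scribunto test module: exercises mw.addWarning with markup-bearing strings.
-- Used to check that warning text supplied by a module cannot end up as live
-- HTML/JS in the edit preview.
local p = {}

--- Pass each sample string to mw.addWarning and report whether the call raised.
-- A "true" entry only means the call did not raise an error; it says nothing
-- about how the warning is rendered. Whether markup is escaped has to be
-- confirmed by inspecting the warning box in the edit preview.
-- NOTE(review): the Scribunto reference describes the warning text as being
-- parsed as wikitext, so the parser's sanitizer is the control under test;
-- confirm against the installed version.
-- @treturn string entries of the form "label=ok", joined by " | "; a failed
--   call also carries the error message in parentheses
function p.test()
  local test_payloads = {
    "NORMAL_WARNING",
    '<script>alert(1)</script>',
    '{{#invoke:Example|hello}}',
    '<?php system("id"); ?>',
    '"><img src=x onerror=alert(1)>',
    'UNESCAPED', '<', '>', '"', '&',
  }

  -- The report is returned to the page and parsed as wikitext in turn, so
  -- every echoed string is entity-escaped to make it display literally.
  local nowiki = mw.text.nowiki

  local results = {}
  for _, pl in ipairs(test_payloads) do
    local ok, err = pcall(mw.addWarning, pl)
    -- Truncate first (byte-based), then escape, so no entity is cut in half.
    local entry = nowiki(pl:sub(1, 30)) .. "=" .. tostring(ok)
    if not ok then
      -- Keep the error text: it was previously discarded, which left a
      -- rejected input indistinguishable from any other failure.
      entry = entry .. " (" .. nowiki(tostring(err)) .. ")"
    end
    results[#results + 1] = entry
  end
  return table.concat(results, " | ")
end

return p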