!! hooks source !! endhooks !! test Non-existent language !!input foobar !! result
foobar
!! end !! test No language specified !! wikitext foo !! html
foo
!! end !! test No language specified (no wellformed xml) !! config !! wikitext bar !! html
bar
!! end !! test XSS is escaped !!input %253cscript%253ealert(document.cookie)%253c/script%253e !! result
<script>alert("pwnd")</script>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG
SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;
\";alert('XSS');//
</script><script>alert('XSS');</script>
%253cscript%253ealert(document.cookie)%253c/script%253e
!! end !! test XSS is escaped (inline) !!input %253cscript%253ealert(document.cookie)%253c/script%253e !! result

<script>alert("pwnd")</script> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40; &#39;&#88;&#83;&#83;&#39;&#41; \";alert('XSS');// </script><script>alert('XSS');</script> %253cscript%253ealert(document.cookie)%253c/script%253e

!! end !! test Default behaviour (inner is pre) !!input var a; !! result
var a;
!! end !! test Multiline in lists !!input * a b * foo a b !! html !! html+tidy !! end !! test Custom attributes !!input var a; !! result
var a;
!! end !! test Inline attribute (inline code) !!input Text var a;. !! result

Text var a;.

!! end !! test Enclose none (inline code) !!input Text var a;. !! result

Text var a;.

!! end !! test Enclose with nowiki !! input {{#tag:syntaxhighlight|foo|lang="text"|inline=none}} !! result

foo

!! end