Source code
Revision control
Copy as Markdown
Other Tools
[attr-security.html]
['background-image: src("https://does-not-exist.test/404.png")' with data-foo="https://does-not-exist.test/404.png"]
expected: FAIL
['background-image: src(string("https://does-not-exist.test/""404.png"))' with data-foo="/404.png"]
![https://does-not-exist.test/""404.png](https://does-not-exist.test/""404.png){kind=link}
expected: FAIL
['background-image: image("https://does-not-exist.test/404.png")' with data-foo="https://does-not-exist.test/404.png"]
expected: FAIL
['--x: image-set(if(style(--true): attr(data-foo);))' with data-foo="https://does-not-exist.test/404.png"]
expected: FAIL
['background-image: image-set(\n if(style(--true): url(https://does-not-exist-2.test/404.png);\n else: attr(data-foo);))' with data-foo="https://does-not-exist-2.test/404.png"]
expected: FAIL
['background-image: image-set(if(style(--true): url(https://does-not-exist.test/404.png);\n style(--condition-val): url(https://does-not-exist.test/404.png);\n else: url(https://does-not-exist.test/404.png);))' with data-foo="attr(data-foo type(*))"]
expected: FAIL
['--x: image-set(if(style(--condition-val: if(style(--true): attr(data-foo type(*));)): url(https://does-not-exist.test/404.png);))' with data-foo="3"]
expected: FAIL
['--x: image-set(if(style(--condition-val >= attr(data-foo type(*))): url(https://does-not-exist.test/404.png);))' with data-foo="3"]
expected: FAIL
['background-image: url(https://does-not-exist.test/404.png), attr(data-foo type(<image>))' with data-foo="linear-gradient(#000000, #ffffff)"]
expected: FAIL