forked from googleprojectzero/domato
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtemplate.html
executable file
·77 lines (48 loc) · 1.46 KB
/
template.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<!-- saved from url=(0014)about:internet -->
<html>
<head>
<style>
/*begincss*/
<cssfuzzer>
/*endcss*/
</style>
<script>
function freememory() {
try { CollectGarbage(); } catch(err) { }
try { FuzzingFunctions.garbageCollect(); } catch(err) { }
try { FuzzingFunctions.cycleCollect(); } catch(err) { }
try { window.gc(); } catch(err) { }
}
var runcount = {'jsfuzzer':0, 'eventhandler1':0, 'eventhandler2':0, 'eventhandler3':0, 'eventhandler4':0, 'eventhandler5':0}
function GetVariable(fuzzervars, var_type) { if(fuzzervars[var_type]) { return fuzzervars[var_type]; } else { return null; }}
function SetVariable(fuzzervars, var_name, var_type) { fuzzervars[var_type] = var_name; }
function jsfuzzer() {
runcount["jsfuzzer"]++; if(runcount["jsfuzzer"] > 2) { return; }
<jsfuzzer>
}
function eventhandler1() {
runcount["eventhandler1"]++; if(runcount["eventhandler1"] > 2) { return; }
<jsfuzzer>
}
function eventhandler2() {
runcount["eventhandler2"]++; if(runcount["eventhandler2"] > 2) { return; }
<jsfuzzer>
}
function eventhandler3() {
runcount["eventhandler3"]++; if(runcount["eventhandler3"] > 2) { return; }
<jsfuzzer>
}
function eventhandler4() {
runcount["eventhandler4"]++; if(runcount["eventhandler4"] > 2) { return; }
<jsfuzzer>
}
function eventhandler5() {
runcount["eventhandler5"]++; if(runcount["eventhandler5"] > 2) { return; }
<jsfuzzer>
}
</script>
</head>
<body onload=jsfuzzer()>
<!--beginhtml--><htmlfuzzer><!--endhtml-->
</body>
</html>