!! hooks source !! endhooks !! test Non-existent language !!input foobar !! result 
foobar
!! end !! test No language specified !! wikitext foo !! html 
foo
!! end !! test No language specified (no wellformed xml) !! config wgWellFormedXml=false !! wikitext bar !! html 
bar
!! end !! test XSS is escaped !!input %253cscript%253ealert(document.cookie)%253c/script%253e !! result 
<script>alert("pwnd")</script>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
<IMG
SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;
&#39;&#88;&#83;&#83;&#39;&#41;
\";alert('XSS');//
</script><script>alert('XSS');</script>
%253cscript%253ealert(document.cookie)%253c/script%253e
!! end !! test XSS is escaped (inline) !!input %253cscript%253ealert(document.cookie)%253c/script%253e !! result

<script>alert("pwnd")</script> <IMG SRC=`javascript:alert("RSnake says, 'XSS'")`> <IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40; &#39;&#88;&#83;&#83;&#39;&#41; \";alert('XSS');// </script><script>alert('XSS');</script> %253cscript%253ealert(document.cookie)%253c/script%253e

!! end !! test Default behaviour (inner is pre) !!input var a; !! result 
var a;
!! end !! test Multiline in lists !!input * a b * foo a b !! html !! html+tidy !! end !! test Custom attributes !!input var a; !! result 
var a;
!! end !! test Inline attribute (inline code) !!input Text var a;. !! result

Text var a;.

!! end !! test Enclose none (inline code) !!input Text var a;. !! result

Text var a;.

!! end