Submit UNTRUSTED data and check results

This is a test page for the package laravelgems\blade-escape


@text usage
Source:
<p>Untrusted text: @text($untrusted)</p>

Result:

Untrusted text: <script>alert(1)</script>

@attr usage
Source:
<input type="text" value="@attr($untrusted)"/>


Source:
<a href="" title="@attr($untrusted)">Hover cursor and check title</a>

Hover cursor and check title
@css usage
Source:
<q style='quotes: "@css($untrusted)" "@css($untrusted)";'>Some cool quote</q>

Using untrusted data as 'quotes' (crazy, i know):
Some cool quote
Source:
<style>.userDefinedLabel:before { color: red; content: "@css($untrusted)";}</style><p class="userDefinedLabel">Some text here</p>

Using untrusted data as 'content' value:

Some text here

@js usage
Source:
<script>var untrustedJS = "@js($untrusted)"; document.getElementById("untrustedJsBox").value=untrustedJS;</script>


Source:
<a href="#" onclick="document.getElementById('untrustedJsBox2').value='@js($untrusted)'; return false;">Click Me and check the next field</a>

Click Me and check the next field
@param usage
Source:
<a href="/package/blade-escape/test?param=@param($untrusted)">Link should be OK</a>

Link with untrusted GET parameter Link should be OK