This is an example of a bad input:
```html
<script type="text/javascript">window.location=XMLHttpRequest(do-the-evil); for(var doMore="evil"; doMore++; doMore<everything) {}</script>
```
To trigger an IDS exception:
- Log in as `demo` or some other non-super-user
- Navigate to `civicrm/dashboard`
- In the URL bar, append `?foo=` plus the bad input, e.g. `http://example.org/civicrm/dashboard?foo=%3Cscript%20type=%22text/javascript%22%3Ewindow.location=XMLHttpRequest(do-the-evil);%20for(var%20doMore=%22evil%22;%20doMore++;%20doMore%3Ceverything)%20{}%3C/script%3E`
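When reproducing this test, it helps to know exactly which string reaches the server. The following is an added example, not part of the original page or of CiviCRM: it decodes the example URL above and builds a fully percent-encoded variant. It assumes the server applies standard form-urlencoded query decoding (as PHP does for `$_GET`), and the helper names `build_test_url` and `received_value` are hypothetical.

```python
from urllib.parse import quote, unquote_plus, urlsplit

# The bad input exactly as given on this page.
BAD_INPUT = ('<script type="text/javascript">window.location=XMLHttpRequest(do-the-evil); '
             'for(var doMore="evil"; doMore++; doMore<everything) {}</script>')

# The example URL exactly as given on this page (only some characters are encoded).
PAGE_URL = ('http://example.org/civicrm/dashboard?foo=%3Cscript%20type=%22text/javascript%22%3E'
            'window.location=XMLHttpRequest(do-the-evil);%20for(var%20doMore=%22evil%22;'
            '%20doMore++;%20doMore%3Ceverything)%20{}%3C/script%3E')


def build_test_url(base, payload, param="foo"):
    """Percent-encode every reserved character so the payload survives decoding intact."""
    return f"{base}?{param}={quote(payload, safe='')}"


def received_value(url, param="foo"):
    """Return the parameter value after form-urlencoded decoding ('+' becomes a space)."""
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")  # split on the first '=' only
        if unquote_plus(name) == param:
            return unquote_plus(value)
    return None


if __name__ == "__main__":
    seen = received_value(PAGE_URL)
    print("page URL delivers the input unchanged:", seen == BAD_INPUT)
    print("value seen by the server:", seen)

    strict_url = build_test_url("http://example.org/civicrm/dashboard", BAD_INPUT)
    print("fully encoded URL:", strict_url)
    print("fully encoded URL delivers the input unchanged:",
          received_value(strict_url) == BAD_INPUT)
```

With the URL as written, the unencoded `++` is decoded to two spaces, so the value the server inspects differs from the bad input shown at the top; the fully encoded URL delivers it byte for byte.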