By louis.random on Skatehive
XSS Comprehensive Test Suite - HTML Mode

Authorized security audit - testing sanitization of HTML payloads when Remarkable parser is bypassed.

mXSS via Style Tag Stripping
Testing mutation XSS where style tags may be stripped but inner content preserved:
*{}

Various img Payloads
Testing image tag event handler injection:

Link Payloads
Testing javascript: and data: URI schemes in anchors:
link1 alert('data-href')">link2 link3 hive-scheme

iframe Payloads
Testing iframe injection vectors:
alert('iframe-data')"> alert('iframe-srcdoc')">

Details/Summary Payloads
Testing interactive element event handlers:
x x

Table Payloads
Testing CSS and attribute injection in tables:
x x

Source/Picture Payloads
Testing picture/source element injection:

SVG/Math Payloads
Testing SVG and MathML injection (should be stripped):
x

DOM Clobbering
Testing DOM clobbering vectors:
proto

Embed Token Injection
Testing post-sanitization embed replacement bypass:
~ embed:test twitter metadata:PHNjcmlwdD5hbGVydCgndHdp