XSS Comprehensive Test Suite - HTML Mode

Authorized security audit - testing sanitization of HTML payloads when Remarkable parser is bypassed.

1. mXSS via Style Tag Stripping

Testing mutation XSS where style tags may be stripped but inner content preserved:

2. Various img Payloads

Testing image tag event handler injection:

3. Link Payloads

Testing javascript: and data: URI schemes in anchors:

link1 link2 link3 hive-scheme

4. iframe Payloads

Testing iframe injection vectors:

(Unsupported src)

(Unsupported https://evil.com)

5. Details/Summary Payloads

Testing interactive element event handlers:

x x

6. Table Payloads

Testing CSS and attribute injection in tables:

7. Source/Picture Payloads

Testing picture/source element injection:

8. SVG/Math Payloads

Testing SVG and MathML injection (should be stripped):

9. DOM Clobbering

Testing DOM clobbering vectors:

proto

10. Embed Token Injection

Testing post-sanitization embed replacement bypass:

~~~ embed:test twitter metadata:PHNjcmlwdD5hbGVydCgndHdpdHRlci14c3MnKTwvc2NyaXB0Pg== ~~~ ~~~ embed:test reddit metadata:fDxzY3JpcHQ+YWxlcnQoJ3JlZGRpdC14c3MnKTwvc2NyaXB0PnxodHRwczovL3JlZGRpdC5jb20vci90ZXN0L2NvbW1lbnRzLzEvcG9zdHx0ZXN0 ~~~

This post is part of an authorized security audit. All payloads are for testing sanitization only.

test

2026-04-06 18:58

louis.random(59)

via hiveblog

This post was published via hiveblog. Ecency is not the originator or editor of this content and displays it for discovery purposes only.

$ 0.338