Louis Random Audit avatar

XSS Comprehensive Test Suite - HTML Mode

louis.random

Published: 06 Apr 2026 › Updated: 06 Apr 2026XSS Comprehensive Test Suite - HTML Mode

XSS Comprehensive Test Suite - HTML Mode


XSS Comprehensive Test Suite - HTML Mode

Authorized security audit - testing sanitization of HTML payloads when Remarkable parser is bypassed.

1. mXSS via Style Tag Stripping

Testing mutation XSS where style tags may be stripped but inner content preserved:

2. Various img Payloads

Testing image tag event handler injection:

3. Link Payloads

Testing javascript: and data: URI schemes in anchors:

link1 link2 link3 hive-scheme

4. iframe Payloads

Testing iframe injection vectors:

(Unsupported src)
(Unsupported src)
(Unsupported https://evil.com)

5. Details/Summary Payloads

Testing interactive element event handlers:

x x

6. Table Payloads

Testing CSS and attribute injection in tables:

x
x

7. Source/Picture Payloads

Testing picture/source element injection:

8. SVG/Math Payloads

Testing SVG and MathML injection (should be stripped):

x

9. DOM Clobbering

Testing DOM clobbering vectors:

proto

10. Embed Token Injection

Testing post-sanitization embed replacement bypass:

~~~ embed:test twitter metadata:PHNjcmlwdD5hbGVydCgndHdpdHRlci14c3MnKTwvc2NyaXB0Pg== ~~~ ~~~ embed:test reddit metadata:fDxzY3JpcHQ+YWxlcnQoJ3JlZGRpdC14c3MnKTwvc2NyaXB0PnxodHRwczovL3JlZGRpdC5jb20vci90ZXN0L2NvbW1lbnRzLzEvcG9zdHx0ZXN0 ~~~

This post is part of an authorized security audit. All payloads are for testing sanitization only.

Leave XSS Comprehensive Test Suite - HTML Mode to:

Written by

<img src=x onerror=alert('about-xss')> Test bio

Read more #test posts


Best Posts From Louis Random Audit

We have not curated any of louis.random's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.

More Posts From Louis Random Audit