Cross-Site Scripting (XSS)
- Vulnerable
- Solution 1
- Solution 2
- Solution 3
The following blog post should not cause any arbitrary JavaScript to run.
Blog Post
Bob's HTML post (published)
Published: true
This is Bob's blog post using <b>HTML</b> and an image: <img src="x" onerror="alert('pwned')" />