Cross-Site Scripting (XSS)
The following blog post should not cause any arbitrary JavaScript to run.
Blog Post
Bob's Markdown post (published)
Published: true
This is Bob's blog post using Markdown and an image in HTML: <img src="x" onerror="alert('pwned')" />