Cross-Site Scripting (XSS)


The following blog post should not cause any arbitrary JavaScript to run.

Blog Post

Bob's Markdown post (published)

Published: true

This is Bob's blog post using Markdown and an image in HTML: <img src="x" onerror="alert('pwned')" />