โ ๏ธ Security Testing Page
This page is designed to test XSS vulnerabilities. The rendered SVG is inserted using innerHTML, which is the vulnerable pattern identified in the security review. Click on any test payload below to load it into the editor.
๐งช XSS Test Payloads (Click to Load)
Test 1: Script Tag in Node Label
Tests if script tags in node labels are escaped
graph TD
A[<script>alert('XSS-TEST-1')</script>] --> B[Normal]
Test 2: Event Handler in Node Label
Tests if event handlers in node labels are escaped
graph TD
A[<img src=x onerror=alert('XSS-TEST-2')>] --> B[Normal]
Test 3: Style Directive Injection (CRITICAL)
Tests attribute injection via style directive - may bypass escaping
graph TD
A[Vulnerable] --> B[Target]
style A fill:#f00" onload="alert('XSS-STYLE-INJECTION')
Test 4: Style Directive onclick
Tests onclick injection via style directive
graph TD
A[Click Me] --> B[Target]
style A fill:#ff0" onclick="alert('XSS-CLICK')
Test 5: SVG foreignObject
Tests foreignObject injection in node labels
graph TD
A[<foreignObject><body onload=alert('XSS-FOREIGN')></body></foreignObject>] --> B