Note published 2016-05-02T02:40:27+00:00 - Indieberger

via Indieberger

Let's try to receive webmentions here.

I love the way your site looks, though I'm not really the Jony Ive. How easy is it for someone to discover the real author of this note? Please also check that the links in this note have no rel="me" attribute on them.

Clicking this

should not cause an alert.

This div

should not alert.

Try clicking this link

<script>alert("encoded-xss")</script>

and this too.

Mouse over this

should not cause an alert. This broken

should not throw an alert.

alert("XSS4");//

Neither should .

Please look at the Owasp XSS prevention cheat sheet for more information.

Congratulations! You've successfully handled a webmentioned note.

This test embeds XSS within the hcard name and time field. Clicking on

the name or title should not raise an alert.