another xss test and securitymd

ncase · ncase · commit f49c4fc2da74 · 2023-07-19T13:48:18.000-04:00
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+Did you find an XSS or similarly bad security issue with Nutshell? If so:
+
+1) Whoops, sorry 😬
+
+2) Please contact me at this email!
+
+![](https://ncase.me/faq/contact.jpg)
+
+And then I will attempt to fix it, eventually.
+
+Thank you!
diff --git a/test/xss-test-victim.html b/test/xss-test-victim.html
@@ -12,6 +12,7 @@ <h2>Heading</h2>
 <p>
     Does this test work?
     <a href="xss-test.html#cursed">:cursed</a>.
+    <a href="xss-test.html#linkfail">:also cursed</a>.
 </p>
 
 </body>
diff --git a/test/xss-test.html b/test/xss-test.html
@@ -20,5 +20,11 @@ <h2>Test</h2>
     Test!
 </p>
 
+<h2>Link Fail Test Too</h2>
+
+<p>
+    <a href='https://youtu.be/pQ2dI_B_Ycg?t=36"></iframe><img src=x onerror="alert(1)">'>:xss</a>
+</p>
+
 </body>
 </html>
