Tags that have been input are parsed and rendered as HTML, rather than being escaped. As entering valid HTML tags causes the tags to be marked up. Entering broken tags causes erratic formatting. And entering scripts causes them to be executed.
Examples:
<h1>test h1</h1>
<p
</input>
<img src=x onerror=alert(1)>
Result:
Tags that have been input are parsed and rendered as HTML, rather than being escaped. As entering valid HTML tags causes the tags to be marked up. Entering broken tags causes erratic formatting. And entering scripts causes them to be executed.
Examples:
Result:
