Paste Handler

Clipboard Paste XSS

The rich-paste handler reads the `text/html` flavour from `clipboardData` and assigns it to `innerHTML`, so HTML copied from a malicious page (an `<img onerror>` or similar carried along with the visible text) executes script in the user's session as soon as it is pasted.

CWE-79

Expected Findings

  • Paste handler reads `text/html` from the clipboard and writes via `innerHTML`.
  • A sanitizer was added once and later removed to preserve styled content.
  • The same handler is reused across the comments and DM surfaces, so one fix (or one bypass) applies to both.

Signals

Bug
el.innerHTML = e.clipboardData.getData("text/html")
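The bug line above beside a hardened handler, as an added example that is not the page's own code. It keeps the styled-content behaviour the sanitizer was removed for by reducing pasted HTML to an allowlist of formatting tags with no attributes, and falls back to plain text when the clipboard carries no HTML. The names `ALLOWED_TAGS`, `sanitizePastedHtml`, `handlePasteHardened`, `PAYLOAD_HTML` and `runDemo` are chosen here; the clipboard event and target element are constructed so the file runs in Node, but the handlers attach unchanged in a browser with `el.addEventListener("paste", ...)`.

```javascript
// Added example (not the page's code): vulnerable paste handler vs. a
// hardened one. The clipboard event and element below are constructed so
// this runs in Node; in a browser the handlers receive the real ClipboardEvent.

// Formatting tags kept on paste (allowlist chosen for this example).
// Attributes are never kept, so on* handlers, href/src and style can't ride along.
const ALLOWED_TAGS = new Set(["b", "i", "u", "em", "strong", "p", "br", "ul", "ol", "li"]);

// Sticky regex: matches an opening or closing tag name only at lastIndex.
const TAG_RE = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)/y;

// Reduce pasted HTML to allowlisted tags without attributes. Every other tag,
// comment or unterminated fragment is dropped and a stray "<" is escaped, so
// the output can only contain tags that cannot carry script, however
// malformed the input was.
function sanitizePastedHtml(html) {
  let out = "";
  let i = 0;
  while (i < html.length) {
    const lt = html.indexOf("<", i);
    if (lt === -1) { out += html.slice(i); break; }
    out += html.slice(i, lt);            // text before the "<" (already entity-encoded)
    TAG_RE.lastIndex = lt;
    const m = TAG_RE.exec(html);
    if (!m) {                            // "<" that does not start a tag: escape it
      out += "&lt;";
      i = lt + 1;
      continue;
    }
    const gt = html.indexOf(">", lt);
    if (gt === -1) break;                // unterminated tag: discard the rest
    const name = m[2].toLowerCase();
    if (ALLOWED_TAGS.has(name)) out += `<${m[1]}${name}>`;
    i = gt + 1;                          // skip the whole tag, attributes included
  }
  return out;
}

// The page's bug: raw clipboard HTML goes straight into the DOM.
function handlePasteVulnerable(e, el) {
  el.innerHTML = e.clipboardData.getData("text/html");
}

// Hardened: cancel the default paste, keep only allowlisted markup, and use
// plain text when no HTML flavour is on the clipboard. (Writing innerHTML
// replaces the element's content; a real editor would insert at the caret.)
function handlePasteHardened(e, el) {
  e.preventDefault();
  const html = e.clipboardData.getData("text/html");
  if (html) {
    el.innerHTML = sanitizePastedHtml(html);
  } else {
    el.textContent = e.clipboardData.getData("text/plain");
  }
}

// Constructed clipboard contents standing in for a copy from a hostile page.
const PAYLOAD_HTML =
  '<b>Hi</b><img src=x onerror="alert(document.cookie)"><a href="javascript:alert(1)">link</a>';

// Minimal stand-in for a ClipboardEvent (constructed for this example).
function makeEvent(html, text) {
  const flavours = { "text/html": html, "text/plain": text };
  return { preventDefault() {}, clipboardData: { getData: (t) => flavours[t] || "" } };
}

// Run both handlers against the same payload and return what each wrote.
function runDemo() {
  const e = makeEvent(PAYLOAD_HTML, "Hi link");
  const vulnerable = { innerHTML: "", textContent: "" };
  const hardened = { innerHTML: "", textContent: "" };
  handlePasteVulnerable(e, vulnerable);
  handlePasteHardened(e, hardened);
  return { vulnerable: vulnerable.innerHTML, hardened: hardened.innerHTML };
}
```

`runDemo()` leaves `onerror="alert(document.cookie)"` in the vulnerable element and `<b>Hi</b>link` in the hardened one. The allowlist-without-attributes approach is the smallest filter that still preserves bold/italic/list structure; an application that needs links or images should sanitize with a maintained library such as DOMPurify rather than extend this tokenizer, and the fix must land in the shared handler so the comments and DM surfaces are covered together.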