XSS Bypass for Rich Text Editors

Mike Takahashi
Published in The Gray Area
3 min read, Jan 8, 2023

Tips for bypassing XSS filters in rich text editors like TinyMCE

Introduction

As bug bounty hunters and pen-testers, it’s crucial to know how to bypass the XSS filters in rich text editors such as TinyMCE. Rich text editors tend to allow HTML tags by design and rely on filters to prevent XSS.

1. Start with built-in functions and basic probes
