# XSS safe marker reference.
# Use harmless markers first. Avoid credential theft, session exfiltration, or browser exploitation payloads.

RTEXIT_XSS_MARKER
<b>RTEXIT_XSS_MARKER</b>
<img src=x alt=RTEXIT_XSS_MARKER>

## Context Notes

- HTML text context: prove rendering safely.
- Attribute context: verify encoding and quote handling.
- JavaScript context: avoid executing harmful code; document sink and encoding.
- DOM context: record source, sink, and transformation path.
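Added example, not part of the original reference: a Python check that parses a captured response body and reports which of the server-rendered contexts above each reflection of the marker lands in (DOM sinks need a browser and are not covered). The names `MarkerContexts` and `classify` are hypothetical, and the sample bodies are constructed.

```python
from html.parser import HTMLParser

MARKER = "RTEXIT_XSS_MARKER"
VOID = {"img", "input", "br", "hr", "meta", "link"}  # elements with no end tag

class MarkerContexts(HTMLParser):
    """Hypothetical helper: record each context in which MARKER is reflected."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []     # currently open elements
        self.findings = []  # (context, location) tuples

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and MARKER in value:
                kind = "event-handler" if name.startswith("on") else "attribute"
                self.findings.append((kind, f"{tag}[{name}]"))
        if tag not in VOID:
            self.stack.append(tag)

    def handle_endtag(self, tag):
        if tag in self.stack:
            while self.stack.pop() != tag:
                pass

    def handle_data(self, data):
        if MARKER in data:
            parent = self.stack[-1] if self.stack else ""
            # script/style bodies are raw text, not entity-decoded HTML text
            context = parent if parent in ("script", "style") else "text"
            self.findings.append((context, parent))

    def handle_comment(self, data):
        if MARKER in data:
            self.findings.append(("comment", ""))

def classify(body):
    """Return [(context, location)] for every reflection of MARKER in body."""
    parser = MarkerContexts()
    parser.feed(body)
    parser.close()
    return parser.findings

if __name__ == "__main__":
    # Constructed response bodies, one per server-rendered context note.
    for body in ('<p>&lt;b&gt;RTEXIT_XSS_MARKER&lt;/b&gt;</p>',  # encoded: parent stays p
                 '<p><b>RTEXIT_XSS_MARKER</b></p>',              # tag parsed: parent is b
                 '<input value="RTEXIT_XSS_MARKER">',
                 '<script>var q = "RTEXIT_XSS_MARKER";</script>'):
        print(body, "->", classify(body))
```

When the `<b>` marker is submitted, a location of `b` means the tag was parsed as markup, while the surrounding element (here `p`) means the angle brackets were encoded.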

## Evidence Standard

Capture the request, affected parameter, rendered context, browser screenshot, and remediation recommendation.

