websafe-kb/06-case-studies/generated-runs/nextjs-nextjs--CVE-2021-39178-20260318013032/assets/proof-dom.html

<!DOCTYPE html><html lang="zh-CN" data-xss-proof="true"><head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Next.js XSS Fixture - proof</title>
  <style>
    body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
    main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
    .proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
    .baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
    code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
  </style>
</head>
<body>
  <main>
    <h1>Next.js XSS Fixture</h1>
    <p>Browser proof page for stored payload rendering.</p>
    <div class="proof">Proof active: stored payload rendered inside the browser proof page</div>
    <p>System: <code>nextjs</code> / Family: <code>xss</code></p>
    
    <script>document.documentElement.setAttribute("data-xss-proof","true");document.title="Next.js XSS Fixture - proof";</script><div id="xss-proof">XSS marker executed for nextjs--CVE-2021-39178</div>
    
    
    
  </main>

</body></html>