GitBook: [#3280] No subject

pentesting-web/xss-cross-site-scripting/README.md

@@ -209,7 +209,7 @@ Some **examples**:
 
 When your input is reflected **inside the HTML page** or you can escape and inject HTML code in this context the **first** thing you need to do if check if you can abuse `<` to create new tags: Just try to **reflect** that **char** and check if it's being **HTML encoded** or **deleted** of if it is **reflected without changes**. **Only in the last case you will be able to exploit this case**.\
 For this cases also **keep in mind** [**Client Side Template Injection**](../client-side-template-injection-csti.md)**.**\
-_**Note: A HTML comment can be closed using\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\***** ****`-->`**** ****or \*\*\*\*****`--!>`**_
+_**Note: A HTML comment can be closed using**** ****`-->`**** ****or**** ****`--!>`**_
 
 In this case and if no black/whitelisting is used, you could use payloads like:
 
@@ -1182,10 +1182,10 @@ alert("XSS");
      <iframe xmlns="http://www.w3.org/1999/xhtml" src="data:text/html,&lt;body&gt;&lt;script&gt;document.body.style.background=&quot;red&quot;&lt;/script&gt;hi&lt;/body&gt;" width="400" height="250"/>
      <iframe xmlns="http://www.w3.org/1999/xhtml" src="javascript:document.write('hi');" width="400" height="250"/>
   </foreignObject>
-</svg>ht
+</svg>
 ```
 
-Find m**ore SVG payloads in** [**https://github.com/allanlw/svg-cheatsheet**](https://github.com/allanlw/svg-cheatsheet)\*\*\*\*
+Find **more SVG payloads in** [**https://github.com/allanlw/svg-cheatsheet**](https://github.com/allanlw/svg-cheatsheet)
 
 ## XSS resources