Replying to @muellerberndt
NFTs contain a variety of metadata and content. Some subspecies of NFTs require JavaScript execution. Rektosaurus implements a number of attacks to help test for client-side attacks. 2/n
Right now there are ~40 payloads that try attack vectors like breaking out of HTML and quotes, SVGs that contain scripts/HTML, data URLs with various datatypes, XSS via markdown, and others. 3/n