Rektosaurus
A test suite to check for client-side script injection via NFTs.
Overview
NFTs carry a variety of metadata and content (names, descriptions, image and animation URLs, embedded SVG or HTML) that is processed and rendered by many different parties: marketplaces, wallets, explorers, galleries. Some subspecies of NFTs (e.g. generative art) explicitly require arbitrary scripts to be executed. Allowing user-supplied code while preventing malicious actions is challenging. Rektosaurus implements a number of payloads to help test renderers for client-side script injection.
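To make the injection surface concrete, here is an added example (not Rektosaurus code and not any marketplace's renderer) showing a naive metadata renderer next to a hardened one. The metadata objects, field names beyond the usual name/description/image/animation_url, and the URLs are all constructed for the example; the scheme allow-list (https and ipfs only) is an assumption a real renderer would tune.

```javascript
// Added example (not part of Rektosaurus): a naive NFT metadata renderer next
// to a hardened one, to show where client-side script injection enters and how
// a renderer can still let generative-art scripts run without exposing itself.
// All metadata below is constructed for the example; URLs are placeholders.

// Constructed metadata carrying injection payloads in every field a renderer
// is likely to touch. The animation_url is the dangerous one: an iframe with
// a javascript: URL runs in the embedding page's origin.
const MALICIOUS = {
  name: 'Rex #1 <img src=x onerror=alert(document.cookie)>',
  description: '"><script>alert(document.domain)</script>',
  image: 'javascript:alert(1)',
  animation_url: 'javascript:alert(document.cookie)',
};

// Constructed metadata for a legitimate generative-art piece that needs
// its script executed to render.
const GENERATIVE = {
  name: 'Rex #2',
  description: 'Generative piece; the script draws the image on load.',
  image: 'ipfs://bafyexample/preview.png',
  animation_url: 'https://art.example/generative.html',
};

// Escape the five characters that matter in HTML text and attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Allow-list URL schemes instead of deny-listing javascript:. Anything that
// fails to parse, or uses another scheme (data:, blob:, vbscript:, ...), is
// dropped. Returns the normalised URL or null. The allow-list is an assumption.
function safeUrl(value) {
  if (typeof value !== 'string') return null;
  let url;
  try {
    url = new URL(value);
  } catch (_) {
    return null;
  }
  return ['https:', 'ipfs:'].includes(url.protocol) ? url.href : null;
}

// Naive renderer: string concatenation, no escaping, no URL validation.
// This is the pattern an injection test suite is designed to catch.
function renderNaive(meta) {
  return [
    `<h1>${meta.name}</h1>`,
    `<p>${meta.description}</p>`,
    `<img src="${meta.image}" alt="">`,
    `<iframe src="${meta.animation_url}"></iframe>`,
  ].join('\n');
}

// Hardened renderer: text fields are escaped, URLs are scheme-checked, and
// the script-bearing animation_url is isolated in a sandboxed iframe. With
// sandbox="allow-scripts" but no allow-same-origin, the script runs in an
// opaque origin: it can draw, but cannot read the host's cookies or storage,
// and without allow-top-navigation / allow-popups it cannot redirect the user.
function renderHardened(meta) {
  const parts = [
    `<h1>${escapeHtml(meta.name || '')}</h1>`,
    `<p>${escapeHtml(meta.description || '')}</p>`,
  ];
  const image = safeUrl(meta.image);
  if (image) parts.push(`<img src="${escapeHtml(image)}" alt="">`);
  const animation = safeUrl(meta.animation_url);
  if (animation) {
    parts.push(
      `<iframe sandbox="allow-scripts" referrerpolicy="no-referrer" ` +
        `src="${escapeHtml(animation)}"></iframe>`,
    );
  }
  return parts.join('\n');
}

console.log('--- naive ---\n' + renderNaive(MALICIOUS));
console.log('--- hardened (malicious) ---\n' + renderHardened(MALICIOUS));
console.log('--- hardened (generative) ---\n' + renderHardened(GENERATIVE));
```

Run it with `node` and compare the three outputs: the naive renderer emits a live `<script>` and a same-origin `<iframe src="javascript:...">`, while the hardened one turns the text payloads into inert entities, drops both javascript: URLs, and still embeds the generative piece, only inside an iframe whose sandbox keeps its script away from the host origin. Serving animation content from a separate origin on top of the sandbox attribute is the usual next step.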
Payloads are hosted on rex.rektosaurus.io.