2
2
2
2This enumerates through all HTML tags and checks if the span gets HTML encoded.
<$[data1] id=x><span></span></$[data1]>x.innerHTML.includes('<') && log('$[data1]')<textarea id=x><span></span></textarea><title id=x><span></span></title>