uxss-db
Unified way to trigger a vulnerability
Problem
Some PoCs require user gestures (drag or click), while some PoCs don't need them.
In most cases the element that triggers the vulnerability is something similar to <button id="x">Click me</button>
onclick
Most PoCs collected from trackers have a window.onclick handler to trigger the vulnerability.
This is bad because it makes manual testing from mobile devices impossible.
Solution (button[id="trigger"])
I propose triggering the PoC via button[id="trigger"] as a unified way to trigger vulnerabilities.
drag and other gestures
I think it's OK to ignore vulnerabilities requiring DnD or oncontextmenu, because in most cases they're not as severe as vulnerabilities requiring a click.
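
A lint check for the convention proposed above, as an added example that is not part of the original issue or the uxss-db code. It reports which PoC pages already use button[id="trigger"], which still rely on a page-wide click handler, and which depend on the gestures the proposal sets aside; the function names, verdict names and sample pages are assumptions made for illustration.

```javascript
// Added example: lint PoC pages against the button[id="trigger"] convention.
// Verdict names and SAMPLES are constructed for illustration.

// <button ... id="trigger" ...>, value double-quoted, single-quoted or bare.
const UNIFIED = /<button\b[^>]*\sid\s*=\s*(?:"trigger"|'trigger'|trigger(?=[\s>\/]))[^>]*>/i;
// Page-wide click handlers: window.onclick = ..., document.onclick = ...,
// or window/document.addEventListener('click', ...).
const GLOBAL_CLICK = /\b(?:window|document)\s*\.\s*(?:onclick\s*=|addEventListener\s*\(\s*['"]click['"])/;
// Gestures the proposal leaves out: drag and drop, context menu.
const OTHER_GESTURE = /\bon(?:drag\w*|drop|contextmenu)\b|addEventListener\s*\(\s*['"](?:drag\w*|drop|contextmenu)['"]/i;

function classifyPoc(html) {
  // Ignore commented-out markup so stale handlers do not affect the verdict.
  const src = html.replace(/<!--[\s\S]*?-->/g, '');
  if (OTHER_GESTURE.test(src)) return 'out-of-scope-gesture';
  if (GLOBAL_CLICK.test(src)) return 'needs-migration';
  if (UNIFIED.test(src)) return 'unified';
  return 'not-unified'; // neither the convention nor a page-wide click handler
}

// Constructed sample pages; run() stands in for the PoC body.
const SAMPLES = {
  'legacy.html': '<script>window.onclick = function () { run(); };</script>',
  'unified.html': '<button id="trigger">Run</button>' +
    '<script>document.getElementById("trigger").onclick = run;</script>',
  'other-id.html': '<button id="x">Click me</button>',
  'drag.html': '<div draggable="true" ondragstart="run()">drag me</div>',
  'half-migrated.html': '<button id=trigger>Run</button>' +
    '<script>document.addEventListener("click", run);</script>',
  'commented.html': '<!-- window.onclick = run; --><button id=\'trigger\'>Run</button>',
};

function lintAll(pages) {
  const report = {};
  for (const [name, html] of Object.entries(pages)) report[name] = classifyPoc(html);
  return report;
}

console.log(lintAll(SAMPLES));
```

A page that has the trigger button but also keeps a page-wide click handler is reported as needs-migration, since a tap anywhere would still fire it.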