Dynamic rendering

This option adds a dynamic rendering mode to Shazzer where templates are evaluated repeatedly with a mutable character placeholder. The $[chr] token is substituted with candidate characters and $[i] tracks the index or code point being tested. The renderer evaluates the supplied template in the selected mode and observes execution side effects rather than static output. For example, in XSS mode the template <img/src/$[chr]onerror=$[chr]log($[i])> is executed and Shazzer records which characters successfully trigger the sink. In this case it returns the character codes 9,10,12,13,32, identifying the whitespace characters that allow the payload to function. This makes it easy to enumerate context sensitive separators or control characters without hardcoding assumptions.

The same mechanism works across multiple parsing and execution contexts. In HTML mode the template <!----$[chr]>&ltfound> is rendered and Shazzer watches for the appearance of <found> to determine which characters successfully close the comment. In JS mode the template $[chr]log($[i]) identifies characters that result in valid execution. Because results are derived dynamically from the target parser or engine, this is well suited to automation. MCP clients or AI agents can drive Shazzer as an oracle, adjusting templates and consuming the returned character codes to build payloads, infer grammar rules, or adapt exploitation strategies in real time rather than relying on static wordlists.