6:["$","div",null,{"className":"flex flex-col lg:flex-row","children":["$","div",null,{"children":[["$","div",null,{"className":"grid grid-cols-1 md:grid-cols-2 xl:grid-cols-2 gap-3","children":[["$","div",null,{"children":[["$","div",null,{"className":"mb-4","children":[["$","h1",null,{"className":"text-3xl font-bold break-words tracking-tight","children":"Character allowed after onerror event"}],["$","div",null,{"className":"flex flex-col gap-2","children":[false,["$","div",null,{"className":"flex flex-row","children":[["$","div","browserIcon0",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Chrome 145.0.0.0 - Updated 15d ago","children":[["$","$L16",null,{"src":"/logos/browsers/chrome.png","width":32,"height":32,"alt":"Chrome logo","className":"","priority":true}]," ",false," ",false," ",false," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"5"}]]}],["$","div","browserIcon1",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Firefox 148.0 - Updated 8d ago","children":[false," ",["$","$L16",null,{"src":"/logos/browsers/firefox.png","width":32,"height":32,"alt":"Firefox logo","className":"","priority":true}]," ",false," ",false," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"5"}]]}],["$","div","browserIcon2",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Microsoft Edge 145.0.0.0 - Updated 13d ago","children":[false," ",false," ",false," ",["$","$L16",null,{"src":"/logos/browsers/edge.png","width":32,"height":32,"alt":"Edge logo","className":"","priority":true}]," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"5"}]]}],["$","div","browserIcon3",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Safari 17.4 - Updated 1y ago","children":[false," ",false," ",["$","$L16",null,{"src":"/logos/browsers/safari.png","width":32,"height":32,"alt":"Safari logo","className":"","priority":true}]," ",false," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"5"}]]}]]}]]}]]}],["$","p",null,{"className":"text-base-content/80 break-words leading-relaxed mb-6","children":"I want to know which characters the browser accepts between an event handler and a equal sign."}],["$","div",null,{"className":"flex items-center gap-3 mb-6 p-3 bg-base-200 rounded-lg w-fit","children":[["$","div",null,{"className":"avatar","children":["$","div",null,{"className":"w-10 rounded-full","children":["$","$L16",null,{"src":"https://avatars.githubusercontent.com/u/165709578?v=4","width":40,"height":40,"alt":"InsertScript","className":"rounded-full"}]}]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide","children":"Created by"}],["$","$L1b","660b024e977c5dee97ed8e06",{"href":"/profile?id=660b024e977c5dee97ed8e06","className":"link link-hover font-semibold","children":"InsertScript"}]]}],null]}],["$","div",null,{"className":"flex flex-wrap gap-4 text-sm text-base-content/70 mb-6","children":[["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z"}]}],["$","span",null,{"children":["Created"," ","Apr 2, 2024"]}]]}],["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"}]}],["$","span",null,{"children":["Updated"," ","May 28, 2025"]}]]}]]}],["$","div",null,{"className":"space-y-4","children":[["$","div",null,{"className":"flex flex-wrap gap-2","children":[["$","$L1c",null,{"data1":"","data2":"","end":65535,"initCode":"","afterCode":"","template":"

","mode":"XSS","csrfToken":"AAhZQZEUFfwN8LuPL8sp10bgRsnc0VPK2y8I/lHx","charset":"UTF-8"}],["$","$L1d",null,{"start":0,"end":65535,"autofuzz":false,"template":"

","vectorType":"XSS","fuzzToken":"701a9d9c7ad643b08d205ca8812ddedf2f7fdd917168af6ab2f50d093f72c3aa","initCode":"","afterCode":"","data1":"","data2":"","csrfToken":"AAhZQZEUFfwN8LuPL8sp10bgRsnc0VPK2y8I/lHx","id":"660bd4332c407644dfd17e02","doRedirect":true,"charset":"UTF-8"}]]}],["$","div",null,{"className":"divider my-2"}],["$","div",null,{"className":"flex flex-wrap items-center gap-2","children":[["$","button",null,{"type":"button","className":"btn btn-secondary","disabled":true,"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z"}]}],"Edit"]}],["$","$L1b",null,{"href":"/vectors/new/?id=660bd4332c407644dfd17e02","children":["$","button",null,{"type":"button","className":"btn btn-secondary","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"}]}],"Fork"]}]}],["$","$L1e",null,{"fuzzToken":"701a9d9c7ad643b08d205ca8812ddedf2f7fdd917168af6ab2f50d093f72c3aa"}],["$","$L1f",null,{"text":"Character allowed after onerror event"}],["$","$L20",null,{"disabled":true,"toggleLike":"$h21","id":"660bd4332c407644dfd17e02","likeCount":0,"currentLikeStatus":false,"csrfToken":"AAhZQZEUFfwN8LuPL8sp10bgRsnc0VPK2y8I/lHx"}]]}]]}]]}],["$","div",null,{"children":[["$","div",null,{"className":"mb-5","children":["$","$L22",null,{}]}],["$","div",null,{"className":"bg-base-200 rounded-lg p-4 mb-5","children":["$","div",null,{"className":"flex flex-wrap gap-3 lg:grid lg:grid-cols-2 justify-items-start","children":[["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Category"}],["$","span",null,{"className":"badge badge-primary","children":"HTML Parsing"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Visibility"}],["$","span",null,{"className":"badge badge-primary","children":"Public"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Type"}],["$","span",null,{"className":"badge badge-primary","children":"XSS"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Charset"}],["$","span",null,{"className":"badge badge-primary","children":"UTF-8"}]]}],"",""]}]}],"",["$","div",null,{"className":"mb-5","children":["Template used:",["$","br",null,{}],["$","$L23",null,{"code":"

","language":"markup","maxHeight":"300px"}]]}],""]}]]}],["$","div",null,{"className":"mt-5 overflow-x-visible overflow-y-auto max-h-[300px] w-full border-t border-slate-700 p-5","children":[["$","h2",null,{"className":"text-xl font-bold mb-3","children":"Sample payloads"}],["$","div",null,{"className":"flex gap-2","children":[["$","$L24",null,{"text":"Copy payloads to clipboard","data":"

"}],["$","$L25",null,{"vector":{"id":"660bd4332c407644dfd17e02","visibility":"Public","privatePrefixToken":"fb7fc36fc7","category":"HTML Parsing","initCode":"","afterCode":"","description":"I want to know which characters the browser accepts between an event handler and a equal sign.","name":"Character allowed after onerror event","type":"XSS","data1":"","data2":"","charset":"UTF-8","vector":"

","viewed":276,"fuzzToken":"701a9d9c7ad643b08d205ca8812ddedf2f7fdd917168af6ab2f50d093f72c3aa","createdAt":"$D2024-04-02T09:47:31.692Z","updatedAt":"$D2025-05-28T17:06:03.570Z","userId":"660b024e977c5dee97ed8e06","User":{"id":"660b024e977c5dee97ed8e06","name":"InsertScript","username":"InsertScript","image":"https://avatars.githubusercontent.com/u/165709578?v=4"}},"payloads":["

","

"]}]]}],["$","div",null,{"className":"grid grid-cols-1 md:grid-cols-2 xl:grid-cols-2 gap-3 mt-5","children":["$","$L26",null,{"vector":"$27","fuzzResults":[{"id":"697d3b9ea72478752e8e8ce2","vectorId":"660bd4332c407644dfd17e02","charset":"UTF-8","browser":"Chrome","version":"145.0.0.0","platform":"desktop","os":"Windows NT 10.0","characters":"9,10,12,13,32","userId":"660b024e977c5dee97ed8e06","createdAt":"$D2026-01-30T23:15:42.962Z","updatedAt":"$D2026-02-16T19:58:56.552Z"},{"id":"69789a7b63e892e47e9c9d49","vectorId":"660bd4332c407644dfd17e02","charset":"UTF-8","browser":"Firefox","version":"148.0","platform":"desktop","os":"Windows NT 10.0","characters":"9,10,12,13,32","userId":"660b024e977c5dee97ed8e06","createdAt":"$D2026-01-27T10:59:07.635Z","updatedAt":"$D2026-02-23T08:53:08.114Z"},{"id":"697700fc01041020b8980658","vectorId":"660bd4332c407644dfd17e02","charset":"UTF-8","browser":"Microsoft Edge","version":"145.0.0.0","platform":"desktop","os":"Windows NT 10.0","characters":"9,10,12,13,32","userId":"660b024e977c5dee97ed8e06","createdAt":"$D2026-01-26T05:51:56.573Z","updatedAt":"$D2026-02-18T09:48:57.366Z"},{"id":"692483eef511cfcea09c1742","vectorId":"660bd4332c407644dfd17e02","charset":"UTF-8","browser":"Chrome","version":"143.0.0.0","platform":"desktop","os":"macOS 10.15.7","characters":"9,10,12,13,32","userId":"660b024e977c5dee97ed8e06","createdAt":"$D2025-11-24T16:12:30.737Z","updatedAt":"$D2026-01-25T21:29:42.062Z"},{"id":"661c251e3c97235c8fdd3c27","vectorId":"660bd4332c407644dfd17e02","charset":"UTF-8","browser":"Safari","version":"17.4","platform":"Unknown","os":"Unknown","characters":"9,10,12,13,32","userId":"660b024e977c5dee97ed8e06","createdAt":"$D2024-04-14T18:49:02.898Z","updatedAt":"$D2024-04-14T18:49:02.898Z"},{"id":"661c250edb3441bb88c9dc91","vectorId":"660bd4332c407644dfd17e02","charset":"UTF-8","browser":"Firefox","version":"124.0","platform":"Unknown","os":"Unknown","characters":"9,10,12,13,32","userId":"660b024e977c5dee97ed8e06","createdAt":"$D2024-04-14T18:48:46.334Z","updatedAt":"$D2024-04-14T18:48:46.334Z"},{"id":"660bd4432c407644dfd17e03","vectorId":"660bd4332c407644dfd17e02","charset":"UTF-8","browser":"Chrome","version":"123.0.0.0","platform":"Unknown","os":"Unknown","characters":"9,10,12,13,32","userId":"660b024e977c5dee97ed8e06","createdAt":"$D2024-04-02T09:47:47.172Z","updatedAt":"$D2024-04-14T18:48:25.338Z"}],"limit":20}]}]]}],["$","div",null,{"className":"mt-5 border-t border-slate-700 p-5","children":[["$","h2",null,{"className":"text-xl font-bold mb-3","children":"Fuzz results"}],["$","$L29",null,{"fuzzResults":"$2a","highlights":[],"vector":"$27"}]]}]]}]}]

Character allowed after onerror event

Sample payloads

Fuzz results

Distributed Fuzzing