Shazzer logo
Login

DOM element relationships

Chrome logo 8
Firefox logo 8
Edge logo 8
Safari logo 8

The classic DOM element relationship test found in the blog post https://portswigger.net/research/dom-clobbering-strikes-back

joaxcar
Created byjoaxcar
Created Apr 10, 2024
Updated May 28, 2025

Tweet
Detecting browser...
CategoryDOM Behavior
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml
$[data2] placeholderhtml
Template used:
<$[data1] id="x$[i]"><$[data2] id="y$[j]"></$[data2]></$[data1]>
Code used after fuzz:
document.getElementById('x$[i]') && x$[i].y$[j] && log('$[data1]->$[data2]')

Sample payloads

<form->button id="x0">< id="y0"></></form->button>
<form->fieldset id="x0">< id="y0"></></form->fieldset>
<form->img id="x0">< id="y0"></></form->img>
<form->input id="x0">< id="y0"></></form->input>
<form->object id="x0">< id="y0"></></form->object>
<form->output id="x0">< id="y0"></></form->output>
<form->select id="x0">< id="y0"></></form->select>
<form->textarea id="x0">< id="y0"></></form->textarea>

Fuzz results

Chrome logo
Chrome 144.0.0.0 desktop Windows NT 10.0
Updated30 Jan 2026
Found 8 results
Loading...
Chrome logo
Chrome 143.0.0.0 desktop macOS 10.15.7older version
Updated28 Jan 2026
Found 8 results
Loading...
Chrome logo
Chrome 123.0.0.0 Unknown Unknownolder version
Updated14 Apr 2024
Found 8 results
Loading...
Firefox logo
Firefox 147.0 desktop Windows NT 10.0
Updated29 Jan 2026
Found 8 results
Loading...
Firefox logo
Firefox 124.0 Unknown Unknownolder version
Updated15 Apr 2024
Found 8 results
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated30 Jan 2026
Found 8 results
Loading...
Safari logo
Safari 17.4 Unknown Unknown
Updated15 Apr 2024
Found 8 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.