DOM element relationships

The classic DOM element relationship test found in the blog post https://portswigger.net/research/dom-clobbering-strikes-back

Created by: joaxcar

Created on: Wednesday, April 10, 2024 at 7:46:42 AM

Updated on: Friday, February 21, 2025 at 7:39:10 PM

Vector type: XSS

Vector charset: UTF-8

Vector data 1: html

Vector data 2: html

Template used:
<$[data1] id="x$[i]"><$[data2] id="y$[j]"></$[data2]></$[data1]>

Code used after fuzz:
document.getElementById('x$[i]') && x$[i].y$[j] && log('$[data1]->$[data2]')

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<form->button id="x0">< id="y0"></></form->button><form->fieldset id="x0">< id="y0"></></form->fieldset><form->img id="x0">< id="y0"></></form->img><form->input id="x0">< id="y0"></></form->input><form->object id="x0">< id="y0"></></form->object><form->output id="x0">< id="y0"></></form->output><form->select id="x0">< id="y0"></></form->select><form->textarea id="x0">< id="y0"></></form->textarea>

Fuzz results

Chrome 123.0.0.0 Unknown Unknown

Updated

Sun Apr 14 2024

Found 8 results

Show differences only?

Filter out alphanumeric

Sort ascending

Firefox 124.0 Unknown Unknown

Updated

Mon Apr 15 2024

Found 8 results

Show differences only?

Filter out alphanumeric

Sort ascending

Safari 17.4 Unknown Unknown

Updated

Mon Apr 15 2024

Found 8 results

Show differences only?

Filter out alphanumeric

Sort ascending