Active formatting elements
14
14
14Find "active formatting elements" that get duplicated in case of wrongly nested tags
Created byJorianWoltjer
Created May 1, 2024
Updated May 27, 2025
Detecting browser...
CategoryHTML Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml
Template used:
<p><$[data1] class="class">a<p>b</p>c</$[data1]></p>Code used after fuzz:
if (document.getElementsByClassName("class").length > 1) log('$[data1]')Sample payloads
<p><a class="class">a<p>b</p>c</a></p><p><b class="class">a<p>b</p>c</b></p><p><big class="class">a<p>b</p>c</big></p><p><code class="class">a<p>b</p>c</code></p><p><em class="class">a<p>b</p>c</em></p><p><font class="class">a<p>b</p>c</font></p><p><i class="class">a<p>b</p>c</i></p><p><nobr class="class">a<p>b</p>c</nobr></p><p><s class="class">a<p>b</p>c</s></p><p><small class="class">a<p>b</p>c</small></p><p><strike class="class">a<p>b</p>c</strike></p><p><strong class="class">a<p>b</p>c</strong></p><p><tt class="class">a<p>b</p>c</tt></p><p><u class="class">a<p>b</p>c</u></p>Fuzz results
Chrome 144.0.0.0 mobile Android 10
Updated31 Jan 2026
Found 14 results
Loading...
Chrome 143.0.0.0 desktop Windows NT 10.0older version
Updated31 Jan 2026
Found 14 results
Loading...
Chrome 143.0.0.0 desktop macOS 10.15.7older version
Updated28 Jan 2026
Found 14 results
Loading...
Chrome 124.0.0.0 Unknown Unknownolder version
Updated2 May 2024
Found 14 results
Loading...
Firefox 147.0 desktop Linux
Updated1 Feb 2026
Found 14 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated31 Jan 2026
Found 14 results
Loading...