Active formatting elements
14
14
14Find "active formatting elements" that get duplicated in case of wrongly nested tags
Created byJorianWoltjer
Created May 1, 2024
Updated May 27, 2025
Detecting browser...
CategoryHTML Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml
Template used:
<p><$[data1] class="class">a<p>b</p>c</$[data1]></p>Code used after fuzz:
if (document.getElementsByClassName("class").length > 1) log('$[data1]')Sample payloads
<p><a class="class">a<p>b</p>c</a></p><p><b class="class">a<p>b</p>c</b></p><p><big class="class">a<p>b</p>c</big></p><p><code class="class">a<p>b</p>c</code></p><p><em class="class">a<p>b</p>c</em></p><p><font class="class">a<p>b</p>c</font></p><p><i class="class">a<p>b</p>c</i></p><p><nobr class="class">a<p>b</p>c</nobr></p><p><s class="class">a<p>b</p>c</s></p><p><small class="class">a<p>b</p>c</small></p><p><strike class="class">a<p>b</p>c</strike></p><p><strong class="class">a<p>b</p>c</strong></p><p><tt class="class">a<p>b</p>c</tt></p><p><u class="class">a<p>b</p>c</u></p>Fuzz results
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 14 results
Loading...
Chrome 144.0.0.0 mobile Android 10older version
Updated31 Jan 2026
Found 14 results
Loading...
Chrome 144.0.0.0 desktop macOS 10.15.7older version
Updated17 Feb 2026
Found 14 results
Loading...
Chrome 124.0.0.0 Unknown Unknownolder version
Updated2 May 2024
Found 14 results
Loading...
Firefox 148.0 desktop Windows NT 10.0
Updated23 Feb 2026
Found 14 results
Loading...
Firefox 147.0 desktop Linuxolder version
Updated1 Feb 2026
Found 14 results
Loading...
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 14 results
Loading...