Properties are accessible in a sandboxed iframe
13
13
13
13This vector attempts to see which properties are available on the parent window of a sandboxed iframe.
Created byhackvertor
Created Jun 7, 2024
Updated Dec 10, 2025
Detecting browser...
CategoryBrowser Quirks
VisibilityPublic
TypeJS
CharsetUTF-8
Code used before fuzz:
const props = Object.getOwnPropertyNames(window);0x0D
for(const prop in document){0x0D
try{0x0D
props.push("document."+prop);0x0D
} catch{}0x0D
}0x0D
props.forEach(prop => {0x0D
try {0x0D
if(typeof parent[prop] !== 'undefined') {0x0D
log("parent."+prop);0x0D
}0x0D
} catch{}0x0D
})Template used:
1337Sample payloads
1337Fuzz results
Chrome 148.0.0.0 desktop Windows NT 10.0
Updated15 Mar 2026
Found 13 results
Loading...
Chrome 145.0.0.0 desktop macOS 10.15.7older version
Updated11 Mar 2026
Found 13 results
Loading...
Firefox 150.0 desktop macOS 10.15
Updated14 Mar 2026
Found 13 results
Loading...
Firefox 147.0 desktop Linuxolder version
Updated2 Feb 2026
Found 13 results
Loading...
Firefox 147.0 mobile Android 16older version
Updated31 Jan 2026
Found 13 results
Loading...
Microsoft Edge 146.0.0.0 desktop Windows NT 10.0
Updated21 Mar 2026
Found 13 results
Loading...
Safari 26.1 desktop macOS 10.15.7
Updated10 Dec 2025
Found 13 results
Loading...