Properties are accessible in a sandboxed iframe
13
13
13
13This vector attempts to see which properties are available on the parent window of a sandboxed iframe.
Created byhackvertor
Created Jun 7, 2024
Updated Dec 10, 2025
Detecting browser...
CategoryBrowser Quirks
VisibilityPublic
TypeJS
CharsetUTF-8
Code used before fuzz:
const props = Object.getOwnPropertyNames(window);0x0D
for(const prop in document){0x0D
try{0x0D
props.push("document."+prop);0x0D
} catch{}0x0D
}0x0D
props.forEach(prop => {0x0D
try {0x0D
if(typeof parent[prop] !== 'undefined') {0x0D
log("parent."+prop);0x0D
}0x0D
} catch{}0x0D
})Template used:
1337Sample payloads
1337Fuzz results
Chrome 145.0.0.0 desktop macOS 10.15.7
Updated8 Feb 2026
Found 13 results
Loading...
Chrome 144.0.0.0 desktop Windows NT 10.0older version
Updated8 Feb 2026
Found 13 results
Loading...
Firefox 148.0 desktop macOS 10.15
Updated2 Feb 2026
Found 13 results
Loading...
Firefox 147.0 desktop Linuxolder version
Updated2 Feb 2026
Found 13 results
Loading...
Firefox 147.0 mobile Android 16older version
Updated31 Jan 2026
Found 13 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated26 Jan 2026
Found 13 results
Loading...
Safari 26.1 desktop macOS 10.15.7
Updated10 Dec 2025
Found 13 results
Loading...