Entities allowed between function calls

This vector uses Shazzer's new features to check which entities are allowed between a function call using images. The results are a bit inconsistent yet because I currently wait for page load.

Created by: hackvertor

Created on: 6/29/2024, 1:55:26 PM

Updated on: 7/2/2024, 11:41:17 AM

Vector type: XSS

Template used:
<img src=data: onerror="log$[data1]('html($[data1])')">

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Fuzz results

Chrome 126.0.0.0 desktop macOS 10.15.7

Found 8 results

Show differences only?

Data
&emsp;

Data
&hairsp;

Data

Data
&NewLine;

Data
&NonBreakingSpace;

Data
&puncsp;

Data

Data

Firefox 127.0 desktop macOS 10.15

Found 4 results

Show differences only?

Data
&emsp;

Data
&emsp13;

Data
&emsp14;

Data
&ensp;

Safari 17.4 desktop macOS 10.15.7

Found 2 results

Show differences only?

Data
&emsp;

Data
&Tab;

Safari 17.5 mobile iOS 17.5.1

Found 6 results

Show differences only?

Data
&emsp14;

Data
&ensp;

Data

Data
&numsp;

Data
&Tab;

Data
&VeryThinSpace;