Characters allowed to break double quotes

Characters allowed to break double quotes in the action attribute

Created by: p3n7a90n

Created on: 6/30/2024, 12:02:09 PM

Updated on: 7/14/2024, 11:54:14 PM

Vector type: XSS

Template used:
<form id="test" action="aaa$[chr]onsubmit=alert(1)><input/type='submit'>
Code used after fuzz:
var form = document.getElementById("test");
if (typeof form.onsubmit === 'function') {
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

<form id="test" action="aaaonsubmit=alert(1)><input/type='submit'>

Fuzz results

Chrome logo
Chrome desktop macOS 10.15.7
Found 1 result