Characters allowed to break double quotes

Characters allowed to break double quotes in the action attribute

Created by: p3n7a90n

Created on: Sunday, June 30, 2024 at 12:02:09 PM

Updated on: Friday, March 7, 2025 at 9:44:35 AM

Vector type: XSS

Vector charset: UTF-8

Template used:

<form id="test" action="aaa$[chr]onsubmit=alert(1)><input/type='submit'>

Code used after fuzz:

var form = document.getElementById("test");
if (typeof form.onsubmit === 'function') {
log(String.fromCharCode($[i]))
  }

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<form id="test" action="aaaonsubmit=alert(1)><input/type='submit'>

Chrome 122.0.0.0 desktop macOS 10.15.7

Updated

Sun Jun 30 2024

Found 1 result

Show differences only?

Filter out alphanumeric

Sort ascending