Shazzer logo
Login

Entities still parsed in uppercase

Chrome logo 35
Firefox logo 35
Edge logo 35
Safari logo 35

This vector transforms each entity into uppercase and checks if it is still rendered.

hackvertor
Created byhackvertor
Created Jul 2, 2024
Updated May 27, 2025

Tweet
Detecting browser...
CategoryEntity Parsing
VisibilityPublic
TypeJS
CharsetUTF-8
$[data1] placeholderhtml_entities
Code used before fuzz:
const div = document.createElement('div');
Template used:
let entity = '$[data1]'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '$[data1]') {0x0D
   log(entity);0x0D
}

Sample payloads

let entity = '&'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&') {0x0D
   alert(entity);0x0D
}
let entity = '©'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '©') {0x0D
   alert(entity);0x0D
}
let entity = '&COPYSR;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&COPYSR;') {0x0D
   alert(entity);0x0D
}
let entity = 'ⅅ'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== 'ⅅ') {0x0D
   alert(entity);0x0D
}
let entity = 'Ŋ'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== 'Ŋ') {0x0D
   alert(entity);0x0D
}
let entity = 'Ð'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== 'Ð') {0x0D
   alert(entity);0x0D
}
let entity = '&GTCC;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTCC;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTCIR;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTCIR;') {0x0D
   alert(entity);0x0D
}
let entity = '>'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '>') {0x0D
   alert(entity);0x0D
}
let entity = '&GTDOT;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTDOT;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTLPAR;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTLPAR;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTQUEST;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTQUEST;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTRAPPROX;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTRAPPROX;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTRARR;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTRARR;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTRDOT;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTRDOT;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTREQLESS;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTREQLESS;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTREQQLESS;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTREQQLESS;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTRLESS;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTRLESS;') {0x0D
   alert(entity);0x0D
}
let entity = '&GTRSIM;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&GTRSIM;') {0x0D
   alert(entity);0x0D
}
let entity = '&LTCC;'.toUpperCase();0x0D
div.innerHTML= entity;0x0D
if(!div.innerText.includes(entity) && entity !== '&LTCC;') {0x0D
   alert(entity);0x0D
}

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 35 results
Loading...
Chrome logo
Chrome 144.0.0.0 mobile Android 10older version
Updated31 Jan 2026
Found 35 results
Loading...
Chrome logo
Chrome 144.0.0.0 desktop macOS 10.15.7older version
Updated17 Feb 2026
Found 35 results
Loading...
Firefox logo
Firefox 147.0 desktop Linux
Updated1 Feb 2026
Found 35 results
Loading...
Firefox logo
Firefox 143.0 desktop Windows NT 10.0older version
Updated25 Sept 2025
Found 35 results
Loading...
Firefox logo
Firefox 127.0 desktop macOS 10.15older version
Updated2 Jul 2024
Found 35 results
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated31 Jan 2026
Found 35 results
Loading...
Safari logo
Safari 17.5 mobile iOS 17.5.1
Updated2 Jul 2024
Found 35 results
Loading...
Safari logo
Safari 17.4 desktop macOS 10.15.7older version
Updated2 Jul 2024
Found 35 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.