Entities still parsed in uppercase
35
35
35This vector transforms each entity into uppercase and checks if it is still rendered.
Created by: hackvertor
Created on: Tuesday, July 2, 2024 at 5:15:34 PM
Updated on: Thursday, April 10, 2025 at 2:31:29 PM
Vector type: JS
Vector charset: UTF-8
Vector data 1: html_entities
Code used before fuzz:
const div = document.createElement('div');Template used:
let entity = '$[data1]'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '$[data1]') {
log(entity);
}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
let entity = '&'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '&') {
alert(entity);
}let entity = '©'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '©') {
alert(entity);
}let entity = '©SR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '©SR;') {
alert(entity);
}let entity = 'ⅅ'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== 'ⅅ') {
alert(entity);
}let entity = 'Ŋ'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== 'Ŋ') {
alert(entity);
}let entity = 'Ð'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== 'Ð') {
alert(entity);
}let entity = '>CC;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>CC;') {
alert(entity);
}let entity = '>CIR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>CIR;') {
alert(entity);
}let entity = '>'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>') {
alert(entity);
}let entity = '>DOT;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>DOT;') {
alert(entity);
}let entity = '>LPAR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>LPAR;') {
alert(entity);
}let entity = '>QUEST;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>QUEST;') {
alert(entity);
}let entity = '>RAPPROX;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RAPPROX;') {
alert(entity);
}let entity = '>RARR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RARR;') {
alert(entity);
}let entity = '>RDOT;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RDOT;') {
alert(entity);
}let entity = '>REQLESS;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>REQLESS;') {
alert(entity);
}let entity = '>REQQLESS;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>REQQLESS;') {
alert(entity);
}let entity = '>RLESS;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RLESS;') {
alert(entity);
}let entity = '>RSIM;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RSIM;') {
alert(entity);
}let entity = '<CC;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '<CC;') {
alert(entity);
}Fuzz results
Safari 17.5 mobile iOS 17.5.1
Updated
Tue Jul 02 2024
Found 35 results
Loading...
Chrome 126.0.0.0 desktop macOS 10.15.7
Updated
Tue Jul 02 2024
Found 35 results
Loading...
Safari 17.4 desktop macOS 10.15.7
Updated
Tue Jul 02 2024
Found 35 results
Loading...
Firefox 127.0 desktop macOS 10.15
Updated
Tue Jul 02 2024
Found 35 results
Loading...