Entities still parsed in uppercase
35
35
35This vector transforms each entity into uppercase and checks if it is still rendered.
Created by: hackvertor
Created on: Tuesday, July 2, 2024 at 5:15:34 PM
Updated on: Saturday, November 30, 2024 at 4:17:32 AM
Vector type: JS
Vector charset: UTF-8
Code used before fuzz:
const div = document.createElement('div');Template used:
let entity = '$[data1]'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '$[data1]') {
log(entity);
}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
let entity = '&'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '&') {
alert(entity);
}let entity = '©'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '©') {
alert(entity);
}let entity = '©SR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '©SR;') {
alert(entity);
}let entity = 'ⅅ'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== 'ⅅ') {
alert(entity);
}let entity = 'Ŋ'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== 'Ŋ') {
alert(entity);
}let entity = 'Ð'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== 'Ð') {
alert(entity);
}let entity = '>CC;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>CC;') {
alert(entity);
}let entity = '>CIR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>CIR;') {
alert(entity);
}let entity = '>'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>') {
alert(entity);
}let entity = '>DOT;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>DOT;') {
alert(entity);
}let entity = '>LPAR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>LPAR;') {
alert(entity);
}let entity = '>QUEST;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>QUEST;') {
alert(entity);
}let entity = '>RAPPROX;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RAPPROX;') {
alert(entity);
}let entity = '>RARR;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RARR;') {
alert(entity);
}let entity = '>RDOT;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RDOT;') {
alert(entity);
}let entity = '>REQLESS;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>REQLESS;') {
alert(entity);
}let entity = '>REQQLESS;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>REQQLESS;') {
alert(entity);
}let entity = '>RLESS;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RLESS;') {
alert(entity);
}let entity = '>RSIM;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '>RSIM;') {
alert(entity);
}let entity = '<CC;'.toUpperCase();
div.innerHTML= entity;
if(!div.innerText.includes(entity) && entity !== '<CC;') {
alert(entity);
}Fuzz results
Safari 17.5 mobile iOS 17.5.1
Updated
Tue Jul 02 2024
Found 35 results
Loading...
Chrome 126.0.0.0 desktop macOS 10.15.7
Updated
Tue Jul 02 2024
Found 35 results
Loading...
Safari 17.4 desktop macOS 10.15.7
Updated
Tue Jul 02 2024
Found 35 results
Loading...
Firefox 127.0 desktop macOS 10.15
Updated
Tue Jul 02 2024
Found 35 results
Loading...