HTML-Encoded Attribute Escape

Checks for any escaping from the img tag attribute from encoded input without using double quotes

Created by: IDKdir

Created on: Saturday, July 13, 2024 at 4:56:45 PM

Updated on: Wednesday, December 18, 2024 at 10:47:49 AM

Vector type: XSS

Vector charset: UTF-8

Template used:
<img src="/image.png" tag="html($[chr])><iframe><!--">
Code used after fuzz:
if (document.querySelector('iframe')) {
    log($[chr]);
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Fuzz results

No results found.