Tags that HTML encode it's contents
2
2
2This enumerates through all HTML tags and checks if the span gets HTML encoded.
Created by: hackvertor
Created on: Tuesday, July 16, 2024 at 7:49:10 PM
Updated on: Tuesday, May 27, 2025 at 8:15:23 AM
Category: HTML Parsing
Vector visibility: Public
Vector type: XSS
Vector charset: UTF-8
Vector data 1: html
Template used:
<$[data1] id=x><span></span></$[data1]>Code used after fuzz:
x.innerHTML.includes('<') && log('$[data1]')Detecting browser...
Sample payloads
<textarea id=x><span></span></textarea><title id=x><span></span></title>Fuzz results
Chrome 143.0.0.0 desktop Windows NT 10.0
Updated
Sat Jan 31 2026
Found 2 results
Loading...
Chrome 143.0.0.0 desktop macOS 10.15.7
Updated
Wed Jan 28 2026
Found 2 results
Loading...
Firefox 128.0 desktop macOS 10.15
Updated
Tue Jul 16 2024
Found 2 results
Loading...
Safari 17.4 desktop macOS 10.15.7
Updated
Tue Jul 16 2024
Found 2 results
Loading...