Tags that HTML encode it's contents

This enumerates through all HTML tags and checks if the span gets HTML encoded.

Created by: hackvertor

Created on: Tuesday, July 16, 2024 at 7:49:10 PM

Updated on: Saturday, August 31, 2024 at 3:12:25 PM

Vector type: XSS

Template used:
<$[data1] id=x><span></span></$[data1]>

Code used after fuzz:
x.innerHTML.includes('<') && log('$[data1]')

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<textarea id=x><span></span></textarea><title id=x><span></span></title>

Chrome 126.0.0.0 desktop macOS 10.15.7

Found 2 results

Show differences only?

Data
textarea

Data
title

Firefox 128.0 desktop macOS 10.15

Found 2 results

Show differences only?

Data
textarea

Data
title

Safari 17.4 desktop macOS 10.15.7

Found 2 results

Show differences only?

Data
textarea

Data
title