Entities that convert to less than in a iframe srcdoc



This shows which entities convert to the less than character inside a iframe srcdoc. Inspired by: https://x.com/therceman/status/1803666353892585642
Created by: hackvertor
Created on: Thursday, August 1, 2024 at 11:25:53 AM
Updated on: Monday, February 10, 2025 at 6:59:15 PM
Vector type: XSS
Vector charset: UTF-8
Template used:
<iframe srcdoc="$[data1]" id=x></iframe>
Code used after fuzz:
if(x.srcdoc.includes("<"))log('$[data1]')
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<iframe srcdoc="<" id=x></iframe>
<iframe srcdoc="<" id=x></iframe>
<iframe srcdoc="<⃒" id=x></iframe>
Fuzz results

Chrome 127.0.0.0 desktop macOS 10.15.7
Updated
Thu Aug 01 2024
Found 3 results
Loading...

Firefox 128.0 desktop macOS 10.15
Updated
Thu Aug 01 2024
Found 3 results
Loading...

Safari 18.0 desktop macOS 10.15.7
Updated
Thu Aug 01 2024
Found 3 results
Loading...