Entities that convert to less than in an iframe srcdoc

This shows which entities convert to the less-than character inside an iframe srcdoc. Inspired by: https://x.com/therceman/status/1803666353892585642

Created by: hackvertor

Created on: Thursday, August 1, 2024 at 11:25:53 AM

Updated on: Friday, August 30, 2024 at 9:09:16 PM

Vector type: XSS

Template used:
<iframe srcdoc="$[data1]" id=x></iframe>
Code used after fuzz:
if(x.srcdoc.includes("<"))log('$[data1]')

Sample payloads

<iframe srcdoc="&lt;" id=x></iframe>
<iframe srcdoc="&LT;" id=x></iframe>
<iframe srcdoc="&nvlt;" id=x></iframe>

Fuzz results

Chrome 127.0.0.0 desktop macOS 10.15.7
Found 3 results
Data:
&lt;
&LT;
&nvlt;

Firefox 128.0 desktop macOS 10.15
Found 3 results
Data:
&lt;
&LT;
&nvlt;

Safari 18.0 desktop macOS 10.15.7
Found 3 results
Data:
&lt;
&LT;
&nvlt;