Entities that convert to greater than in a iframe srcdoc
3
3
3This shows which entities convert to the greater than character inside a iframe srcdoc. Inspired by: https://x.com/therceman/status/1803666353892585642
Created by: hackvertor
Created on: Thursday, August 1, 2024 at 5:39:17 PM
Updated on: Thursday, April 10, 2025 at 2:12:01 PM
Vector type: XSS
Vector charset: UTF-8
Vector data 1: html_entities
Template used:
<iframe srcdoc="$[data1]" id=x></iframe>
Code used after fuzz:
if(x.srcdoc.includes(">"))log('$[data1]')Your browser was detected as:
Safari Unknown Unknown undefined undefined
Sample payloads
<iframe srcdoc=">" id=x></iframe>
<iframe srcdoc=">" id=x></iframe>
<iframe srcdoc=">⃒" id=x></iframe>
Fuzz results
Safari 17.5 mobile iOS 17.5.1
Updated
Thu Aug 01 2024
Found 3 results
(No data selected)
Data
>
>
>⃒
Chrome 130.0.0.0 desktop macOS 10.15.7
Updated
Thu Oct 24 2024
Found 3 results
(No data selected)
Data
>
>
>⃒
Firefox 131.0 desktop macOS 10.15
Updated
Thu Oct 24 2024
Found 3 results
(No data selected)
Data
>
>
>⃒