Entities that convert to greater than in an iframe srcdoc

This shows which HTML entities are decoded to the greater-than character (>) inside an iframe srcdoc attribute. Inspired by: https://x.com/therceman/status/1803666353892585642

Created by: hackvertor

Created on: Thursday, August 1, 2024 at 5:39:17 PM

Updated on: Friday, September 13, 2024 at 6:13:26 PM

Vector type: XSS

Template used:
<iframe srcdoc="$[data1]" id=x></iframe>
Code used after fuzz:
if(x.srcdoc.includes(">"))log('$[data1]')

Sample payloads

<iframe srcdoc="&gt;" id=x></iframe>
<iframe srcdoc="&GT;" id=x></iframe>
<iframe srcdoc="&nvgt;" id=x></iframe>

Fuzz results

Safari 17.5 mobile iOS 17.5.1
Found 3 results
Data
&gt;
&GT;
&nvgt;