Characters that can work as attribute seperator

This vector shows which characters can be used instead of the normal space to work as an attribute seperator

Created bySudistark

Created Aug 17, 2024

Updated May 27, 2025

Detecting browser...

CategoryDOM Behavior

VisibilityPublic

TypeJS

CharsetUTF-8

Template used:

var markup = `<a$[chr]id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     log($[i])0x0D
 }0x0D
0x0D
0x0D

Sample payloads

var markup = `<a0x09id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(9)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a
id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(10)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a0x0Cid=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(12)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a0x0Did=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(13)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(32)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a/id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(47)0x0D
 }0x0D
0x0D
0x0D

Characters that can work as attribute seperator

This vector shows which characters can be used instead of the normal space to work as an attribute seperator

Created bySudistark

Created Aug 17, 2024

Updated May 27, 2025

Detecting browser...

CategoryDOM Behavior

VisibilityPublic

TypeJS

CharsetUTF-8

Template used:

var markup = `<a$[chr]id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     log($[i])0x0D
 }0x0D
0x0D
0x0D

Sample payloads

var markup = `<a0x09id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(9)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a
id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(10)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a0x0Cid=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(12)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a0x0Did=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(13)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(32)0x0D
 }0x0D
0x0D
0x0D

var markup = `<a/id=xss>shirley</a>`0x0D
var dom = new DOMParser().parseFromString(markup,'text/html')0x0D
0x0D
if(dom.getElementById('xss')){0x0D
     alert(47)0x0D
 }0x0D
0x0D
0x0D

Characters that can work as attribute seperator

Sample payloads

Fuzz results

Characters that can work as attribute seperator

Sample payloads

Fuzz results

Distributed Fuzzing

Characters that can work as attribute seperator

Sample payloads

Fuzz results

Characters that can work as attribute seperator

Sample payloads

Fuzz results