Shazzer logo
Login

Difference between browser-supported handlers and Shazzer 'events' list

⚠ Browser differences
Chrome logo 24
Firefox logo 16
Edge logo 23

Shazzer's 'events' list. (118 handlers currently). Opposed to handlers registered in document, document.body and window objects (138 handlers currently). The shazzer's event list is compared with all handlers.

hansmach1ne
Created byhansmach1ne
Created Jan 5, 2025
Updated May 27, 2025

Tweet
Detecting browser...
CategoryXSS Execution
VisibilityPublic
TypeJS
CharsetUTF-8
$[data1] placeholderevents
Code used before fuzz:
function listAllEventHandlers() {0x0D
    const allHandlers = new Set();0x0D
    const objects = [document.body, document, window];0x0D
    objects.forEach(obj => {0x0D
        for (const prop in obj) {0x0D
            if (prop.startsWith('on')) {0x0D
                allHandlers.add(prop);0x0D
            }0x0D
        }0x0D
    });0x0D
    return Array.from(allHandlers).sort();0x0D
}0x0D
allBodyHandlers = listAllEventHandlers();0x0D
0x0D
console.log("window, document and document.body contain " + allBodyHandlers .length + " handlers")0x0D
0x0D
const shazzerEvents  = new Set();
Template used:
shazzerEvents.add('$[data1]');
Code used after fuzz:
console.log("Shazzer 'events' contains " + shazzerEvents.size + " events");0x0D
0x0D
function missingHandlers() {0x0D
const out = new Set();0x0D
    for(let handler of allBodyHandlers) {0x0D
        if (!shazzerEvents.has(handler)) {0x0D
            out.add(handler);0x0D
        }0x0D
    }0x0D
return out;0x0D
}0x0D
0x0D
for(let handler of missingHandlers()){0x0D
   log(handler);0x0D
}

Sample payloads

shazzerEvents.add('onanimationcancel');
shazzerEvents.add('oncommand');
shazzerEvents.add('oncopy');
shazzerEvents.add('oncut');
shazzerEvents.add('ondragexit');
shazzerEvents.add('onfullscreenchange');
shazzerEvents.add('onfullscreenerror');
shazzerEvents.add('ongamepadconnected');
shazzerEvents.add('ongamepaddisconnected');
shazzerEvents.add('onmozfullscreenchange');
shazzerEvents.add('onmozfullscreenerror');
shazzerEvents.add('onpaste');
shazzerEvents.add('onpointerlockchange');
shazzerEvents.add('onpointerlockerror');
shazzerEvents.add('onreadystatechange');
shazzerEvents.add('onvisibilitychange');
shazzerEvents.add('onbeforecopy');
shazzerEvents.add('onbeforecut');
shazzerEvents.add('onbeforepaste');
shazzerEvents.add('onfreeze');

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 24 results
Loading...
Chrome logo
Chrome 144.0.0.0 mobile Android 10older version
Updated31 Jan 2026
Found 28 results
Loading...
Chrome logo
Chrome 143.0.0.0 desktop macOS 10.15.7older version
Updated28 Jan 2026
Found 23 results
Loading...
Firefox logo
Firefox 147.0 desktop Linux
Updated1 Feb 2026
Found 16 results
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated31 Jan 2026
Found 23 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.