Chars allowed between src and = in img tag
5
5
5Shows characters that are allowed between src and = in an img tag.
Created byrootd4ddy
Created Mar 2, 2025
Updated May 28, 2025
Detecting browser...
CategoryHTML Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
Code used before fuzz:
<script>0x0D
window.onerror = () => true; 0x0D
</script>0x0D
Template used:
<img src$[chr]=data:text/plain, id="testImg">Code used after fuzz:
const img = document.getElementById('testImg');0x0D
if (img.hasAttribute('src') && img.getAttribute('src') === 'data:text/plain,') {0x0D
log($[i]);0x0D
}Sample payloads
<img src0x09=data:text/plain, id="testImg"><img src
=data:text/plain, id="testImg"><img src0x0C=data:text/plain, id="testImg"><img src0x0D=data:text/plain, id="testImg"><img src =data:text/plain, id="testImg">Fuzz results
Chrome 144.0.0.0 desktop Windows NT 10.0
Updated
Sun Jan 25 2026
Found 5 results
Loading...
Chrome 140.0.7339.0 desktop Windows NT 6.1older version
Updated
Sun Jan 25 2026
Found 5 results
Loading...
Chrome 132.0.0.0 desktop Linux Unknownolder version
Updated
Sun Mar 02 2025
Found 5 results
Loading...
Firefox 147.0 desktop Linux
Updated
Sun Feb 01 2026
Found 5 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated
Fri Jan 30 2026
Found 5 results
Loading...