Chars allowed between src and = in img tag

5

Shows characters that are allowed between src and = in an img tag.

Created on: Sunday, March 2, 2025 at 2:00:18 AM

Updated on: Monday, April 28, 2025 at 7:27:33 AM

Vector type: XSS

Vector charset: UTF-8

<script>
window.onerror = () => true; 
</script>

<img src$[chr]=data:text/plain, id="testImg">

const img = document.getElementById('testImg');
if (img.hasAttribute('src') && img.getAttribute('src') === 'data:text/plain,') {
    log($[i]);
}