Chars allowed between src and = in img tag

Shows characters that are allowed between src and = in an img tag.
Created by: rootd4ddy
Created on: Sunday, March 2, 2025 at 2:00:18 AM
Updated on: Monday, April 7, 2025 at 8:32:23 PM
Vector type: XSS
Vector charset: UTF-8
Code used before fuzz:
<script>
window.onerror = () => true;
</script>
Template used:
<img src$[chr]=data:text/plain, id="testImg">
Code used after fuzz:
const img = document.getElementById('testImg');
if (img.hasAttribute('src') && img.getAttribute('src') === 'data:text/plain,') {
log($[i]);
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<img src =data:text/plain, id="testImg">
<img src
=data:text/plain, id="testImg">
<img src=data:text/plain, id="testImg">
<img src
=data:text/plain, id="testImg">
<img src =data:text/plain, id="testImg">
Fuzz results

Chrome 132.0.0.0 desktop Linux Unknown
Updated
Sun Mar 02 2025
Found 5 results
Loading...