Shazzer logo
Login

Escape inline double quote

Chrome logo 1
Firefox logo 1
Edge logo 1

Characters that can break out of an inline value with double quotes

lUcgryy
Created bylUcgryy
Created Mar 7, 2025
Updated May 28, 2025

Tweet
Detecting browser...
CategoryHTML Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
Template used:
<input  id="test" value="s$[chr]onload="alert(1)" />
Code used after fuzz:
let a = document.getElementById("test");0x0D
if (typeof a.onload === 'function') {0x0D
log(String.fromCharCode($[i]))0x0D
  }

Sample payloads

<input  id="test" value="s0x00onload="alert(1)" />

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 1 result
Loading...
Chrome logo
Chrome 143.0.0.0 desktop macOS 10.15.7older version
Updated25 Jan 2026
Found 1 result
Loading...
Firefox logo
Firefox 148.0 desktop Windows NT 10.0
Updated23 Feb 2026
Found 1 result
Loading...
Firefox logo
Firefox 147.0 desktop macOS 10.15older version
Updated30 Jan 2026
Found 1 result
Loading...
Edge logo
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 1 result
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.