Escape inline double quote

Edge logo 1

Characters that can break out of an inline value with double quotes

Created by: lUcgryy

Created on: Friday, March 7, 2025 at 10:27:49 AM

Updated on: Monday, April 7, 2025 at 11:27:18 AM

Vector type: XSS

Vector charset: UTF-8

Template used:
<input  id="test" value="s$[chr]onload="alert(1)" />
Code used after fuzz:
let a = document.getElementById("test");
if (typeof a.onload === 'function') {
log(String.fromCharCode($[i]))
  }
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

<input  id="test" value="sonload="alert(1)" />

Fuzz results

Edge logo
Microsoft Edge 133.0.0.0 desktop Windows NT 10.0

Updated

Fri Mar 07 2025
Found 1 result
Loading...