Escape inline double quote
1
1
1Characters that can break out of an inline value with double quotes
Created bylUcgryy
Created Mar 7, 2025
Updated May 28, 2025
Detecting browser...
CategoryHTML Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
Template used:
<input id="test" value="s$[chr]onload="alert(1)" />Code used after fuzz:
let a = document.getElementById("test");0x0D
if (typeof a.onload === 'function') {0x0D
log(String.fromCharCode($[i]))0x0D
}Sample payloads
<input id="test" value="s0x00onload="alert(1)" />Fuzz results
Chrome 144.0.0.0 desktop Windows NT 10.0
Updated
Fri Jan 30 2026
Found 1 result
Loading...
Chrome 143.0.0.0 desktop macOS 10.15.7older version
Updated
Sun Jan 25 2026
Found 1 result
Loading...
Firefox 147.0 desktop Windows NT 10.0
Updated
Sat Jan 31 2026
Found 1 result
Loading...
Firefox 147.0 desktop macOS 10.15
Updated
Fri Jan 30 2026
Found 1 result
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated
Fri Jan 30 2026
Found 1 result
Loading...