Shazzer logo
Login

masato - braves parsing finding

Chrome logo 1
Firefox logo 1
Edge logo 1
Safari logo 1

Trying to see what elements behave weird in brave regarding.

InsertScript
Created byInsertScript
Created Aug 3, 2025
Updated Aug 3, 2025

Tweet
Detecting browser...
CategoryHTML Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml
Template used:
<div id="x$[data1]"><$[data1] x="test=123&gt;&bbb"></$[data1]></div>0x0D
<script>0x0D
window["x$[data1]"].innerHTML=window["x$[data1]"].innerHTML;0x0D
if (window["x$[data1]"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
log('$[data1]')0x0D
}0x0D
</script>

Sample payloads

<div id="xNO_MATCHES"><NO_MATCHES x="test=123&gt;&bbb"></NO_MATCHES></div>0x0D
<script>0x0D
window["xNO_MATCHES"].innerHTML=window["xNO_MATCHES"].innerHTML;0x0D
if (window["xNO_MATCHES"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('NO_MATCHES')0x0D
}0x0D
</script>
<div id="xa"><a x="test=123&gt;&bbb"></a></div>0x0D
<script>0x0D
window["xa"].innerHTML=window["xa"].innerHTML;0x0D
if (window["xa"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('a')0x0D
}0x0D
</script>
<div id="xb"><b x="test=123&gt;&bbb"></b></div>0x0D
<script>0x0D
window["xb"].innerHTML=window["xb"].innerHTML;0x0D
if (window["xb"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('b')0x0D
}0x0D
</script>
<div id="xbr"><br x="test=123&gt;&bbb"></br></div>0x0D
<script>0x0D
window["xbr"].innerHTML=window["xbr"].innerHTML;0x0D
if (window["xbr"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('br')0x0D
}0x0D
</script>
<div id="xbutton"><button x="test=123&gt;&bbb"></button></div>0x0D
<script>0x0D
window["xbutton"].innerHTML=window["xbutton"].innerHTML;0x0D
if (window["xbutton"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('button')0x0D
}0x0D
</script>
<div id="xdiv"><div x="test=123&gt;&bbb"></div></div>0x0D
<script>0x0D
window["xdiv"].innerHTML=window["xdiv"].innerHTML;0x0D
if (window["xdiv"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('div')0x0D
}0x0D
</script>
<div id="xfooter"><footer x="test=123&gt;&bbb"></footer></div>0x0D
<script>0x0D
window["xfooter"].innerHTML=window["xfooter"].innerHTML;0x0D
if (window["xfooter"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('footer')0x0D
}0x0D
</script>
<div id="xi"><i x="test=123&gt;&bbb"></i></div>0x0D
<script>0x0D
window["xi"].innerHTML=window["xi"].innerHTML;0x0D
if (window["xi"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('i')0x0D
}0x0D
</script>
<div id="xinput"><input x="test=123&gt;&bbb"></input></div>0x0D
<script>0x0D
window["xinput"].innerHTML=window["xinput"].innerHTML;0x0D
if (window["xinput"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('input')0x0D
}0x0D
</script>
<div id="xlabel"><label x="test=123&gt;&bbb"></label></div>0x0D
<script>0x0D
window["xlabel"].innerHTML=window["xlabel"].innerHTML;0x0D
if (window["xlabel"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('label')0x0D
}0x0D
</script>
<div id="xli"><li x="test=123&gt;&bbb"></li></div>0x0D
<script>0x0D
window["xli"].innerHTML=window["xli"].innerHTML;0x0D
if (window["xli"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('li')0x0D
}0x0D
</script>
<div id="xol"><ol x="test=123&gt;&bbb"></ol></div>0x0D
<script>0x0D
window["xol"].innerHTML=window["xol"].innerHTML;0x0D
if (window["xol"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('ol')0x0D
}0x0D
</script>
<div id="xp"><p x="test=123&gt;&bbb"></p></div>0x0D
<script>0x0D
window["xp"].innerHTML=window["xp"].innerHTML;0x0D
if (window["xp"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('p')0x0D
}0x0D
</script>
<div id="xselect"><select x="test=123&gt;&bbb"></select></div>0x0D
<script>0x0D
window["xselect"].innerHTML=window["xselect"].innerHTML;0x0D
if (window["xselect"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('select')0x0D
}0x0D
</script>
<div id="xspan"><span x="test=123&gt;&bbb"></span></div>0x0D
<script>0x0D
window["xspan"].innerHTML=window["xspan"].innerHTML;0x0D
if (window["xspan"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('span')0x0D
}0x0D
</script>
<div id="xstrong"><strong x="test=123&gt;&bbb"></strong></div>0x0D
<script>0x0D
window["xstrong"].innerHTML=window["xstrong"].innerHTML;0x0D
if (window["xstrong"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('strong')0x0D
}0x0D
</script>
<div id="xul"><ul x="test=123&gt;&bbb"></ul></div>0x0D
<script>0x0D
window["xul"].innerHTML=window["xul"].innerHTML;0x0D
if (window["xul"].firstChild.getAttribute("test") == 123)0x0D
{0x0D
alert('ul')0x0D
}0x0D
</script>

Fuzz results

Chrome logo
Chrome 144.0.0.0 desktop macOS 10.15.7
Updated28 Jan 2026
Found 1 result
Loading...
Chrome logo
Chrome 138.0.0.0 desktop Windows NT 10.0older version
Updated3 Aug 2025
Found 16 results
Loading...
Firefox logo
Firefox 147.0 desktop Windows NT 10.0
Updated29 Jan 2026
Found 1 result
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated30 Jan 2026
Found 1 result
Loading...
Edge logo
Microsoft Edge 138.0.0.0 desktop Windows NT 10.0older version
Updated3 Aug 2025
Found 16 results
Loading...
Safari logo
Safari 26.2 desktop macOS 10.15.7
Updated31 Jan 2026
Found 1 result
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.