masato - braves parsing finding valid attributes
195
195Trying to see what attributes are filtered
Created by: InsertScript
Created on: Sunday, August 3, 2025 at 8:25:16 AM
Updated on: Sunday, August 3, 2025 at 8:25:16 AM
Vector type: XSS
Vector charset: UTF-8
Vector data 1: attributes
Template used:
<div id="x$[data1]"><span x="$[data1]=123>&bbb"></span></div>
<script>
window["x$[data1]"].innerHTML=window["x$[data1]"].innerHTML;
if (window["x$[data1]"].firstChild.getAttribute("$[data1]") == 123)
{
log('$[data1]')
}
</script>Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<div id="xaccesskey"><span x="accesskey=123>&bbb"></span></div>
<script>
window["xaccesskey"].innerHTML=window["xaccesskey"].innerHTML;
if (window["xaccesskey"].firstChild.getAttribute("accesskey") == 123)
{
alert('accesskey')
}
</script><div id="xanchor"><span x="anchor=123>&bbb"></span></div>
<script>
window["xanchor"].innerHTML=window["xanchor"].innerHTML;
if (window["xanchor"].firstChild.getAttribute("anchor") == 123)
{
alert('anchor')
}
</script><div id="xautocapitalize"><span x="autocapitalize=123>&bbb"></span></div>
<script>
window["xautocapitalize"].innerHTML=window["xautocapitalize"].innerHTML;
if (window["xautocapitalize"].firstChild.getAttribute("autocapitalize") == 123)
{
alert('autocapitalize')
}
</script><div id="xautofocus"><span x="autofocus=123>&bbb"></span></div>
<script>
window["xautofocus"].innerHTML=window["xautofocus"].innerHTML;
if (window["xautofocus"].firstChild.getAttribute("autofocus") == 123)
{
alert('autofocus')
}
</script><div id="xclass"><span x="class=123>&bbb"></span></div>
<script>
window["xclass"].innerHTML=window["xclass"].innerHTML;
if (window["xclass"].firstChild.getAttribute("class") == 123)
{
alert('class')
}
</script><div id="xcontenteditable"><span x="contenteditable=123>&bbb"></span></div>
<script>
window["xcontenteditable"].innerHTML=window["xcontenteditable"].innerHTML;
if (window["xcontenteditable"].firstChild.getAttribute("contenteditable") == 123)
{
alert('contenteditable')
}
</script><div id="xdir"><span x="dir=123>&bbb"></span></div>
<script>
window["xdir"].innerHTML=window["xdir"].innerHTML;
if (window["xdir"].firstChild.getAttribute("dir") == 123)
{
alert('dir')
}
</script><div id="xdraggable"><span x="draggable=123>&bbb"></span></div>
<script>
window["xdraggable"].innerHTML=window["xdraggable"].innerHTML;
if (window["xdraggable"].firstChild.getAttribute("draggable") == 123)
{
alert('draggable')
}
</script><div id="xenterkeyhint"><span x="enterkeyhint=123>&bbb"></span></div>
<script>
window["xenterkeyhint"].innerHTML=window["xenterkeyhint"].innerHTML;
if (window["xenterkeyhint"].firstChild.getAttribute("enterkeyhint") == 123)
{
alert('enterkeyhint')
}
</script><div id="xexportparts"><span x="exportparts=123>&bbb"></span></div>
<script>
window["xexportparts"].innerHTML=window["xexportparts"].innerHTML;
if (window["xexportparts"].firstChild.getAttribute("exportparts") == 123)
{
alert('exportparts')
}
</script><div id="xhidden"><span x="hidden=123>&bbb"></span></div>
<script>
window["xhidden"].innerHTML=window["xhidden"].innerHTML;
if (window["xhidden"].firstChild.getAttribute("hidden") == 123)
{
alert('hidden')
}
</script><div id="xid"><span x="id=123>&bbb"></span></div>
<script>
window["xid"].innerHTML=window["xid"].innerHTML;
if (window["xid"].firstChild.getAttribute("id") == 123)
{
alert('id')
}
</script><div id="xinert"><span x="inert=123>&bbb"></span></div>
<script>
window["xinert"].innerHTML=window["xinert"].innerHTML;
if (window["xinert"].firstChild.getAttribute("inert") == 123)
{
alert('inert')
}
</script><div id="xinputmode"><span x="inputmode=123>&bbb"></span></div>
<script>
window["xinputmode"].innerHTML=window["xinputmode"].innerHTML;
if (window["xinputmode"].firstChild.getAttribute("inputmode") == 123)
{
alert('inputmode')
}
</script><div id="xitemid"><span x="itemid=123>&bbb"></span></div>
<script>
window["xitemid"].innerHTML=window["xitemid"].innerHTML;
if (window["xitemid"].firstChild.getAttribute("itemid") == 123)
{
alert('itemid')
}
</script><div id="xitemprop"><span x="itemprop=123>&bbb"></span></div>
<script>
window["xitemprop"].innerHTML=window["xitemprop"].innerHTML;
if (window["xitemprop"].firstChild.getAttribute("itemprop") == 123)
{
alert('itemprop')
}
</script><div id="xitemref"><span x="itemref=123>&bbb"></span></div>
<script>
window["xitemref"].innerHTML=window["xitemref"].innerHTML;
if (window["xitemref"].firstChild.getAttribute("itemref") == 123)
{
alert('itemref')
}
</script><div id="xitemscope"><span x="itemscope=123>&bbb"></span></div>
<script>
window["xitemscope"].innerHTML=window["xitemscope"].innerHTML;
if (window["xitemscope"].firstChild.getAttribute("itemscope") == 123)
{
alert('itemscope')
}
</script><div id="xitemtype"><span x="itemtype=123>&bbb"></span></div>
<script>
window["xitemtype"].innerHTML=window["xitemtype"].innerHTML;
if (window["xitemtype"].firstChild.getAttribute("itemtype") == 123)
{
alert('itemtype')
}
</script><div id="xlang"><span x="lang=123>&bbb"></span></div>
<script>
window["xlang"].innerHTML=window["xlang"].innerHTML;
if (window["xlang"].firstChild.getAttribute("lang") == 123)
{
alert('lang')
}
</script>Fuzz results
Microsoft Edge 138.0.0.0 desktop Windows NT 10.0
Updated
Sun Aug 03 2025
Found 195 results
Loading...
Chrome 138.0.0.0 desktop Windows NT 10.0
Updated
Sun Aug 03 2025
Found 195 results
Loading...