masato - braves parsing finding entity test
1
1
1
1Trying to see what entity trigger the parsing issue. Should be >
Created byInsertScript
Created Aug 3, 2025
Updated Aug 3, 2025
Detecting browser...
CategoryEntity Parsing
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml_entities
Template used:
<div id="urlenc($[data1])"><span x="test=123$[data1]&bbb"></span></div>0x0D
<script>0x0D
window["urlenc($[data1])"].innerHTML=window["urlenc($[data1])"].innerHTML;0x0D
if (window["urlenc($[data1])"].firstChild.getAttribute("test") != null)0x0D
{0x0D
log('$[data1]')0x0D
}0x0D
</script>Sample payloads
<div id="%26gt%3B"><span x="test=123>&bbb"></span></div>0x0D
<script>0x0D
window["%26gt%3B"].innerHTML=window["%26gt%3B"].innerHTML;0x0D
if (window["%26gt%3B"].firstChild.getAttribute("test") != null)0x0D
{0x0D
alert('>')0x0D
}0x0D
</script><div id="%26GT%3B"><span x="test=123>&bbb"></span></div>0x0D
<script>0x0D
window["%26GT%3B"].innerHTML=window["%26GT%3B"].innerHTML;0x0D
if (window["%26GT%3B"].firstChild.getAttribute("test") != null)0x0D
{0x0D
alert('>')0x0D
}0x0D
</script><div id="%26nvgt%3B"><span x="test=123>⃒&bbb"></span></div>0x0D
<script>0x0D
window["%26nvgt%3B"].innerHTML=window["%26nvgt%3B"].innerHTML;0x0D
if (window["%26nvgt%3B"].firstChild.getAttribute("test") != null)0x0D
{0x0D
alert('>⃒')0x0D
}0x0D
</script>Fuzz results
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 1 result
Loading...
Chrome 138.0.0.0 desktop Windows NT 10.0older version
Updated3 Aug 2025
Found 3 results
Loading...
Firefox 148.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 1 result
Loading...
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 1 result
Loading...
Microsoft Edge 138.0.0.0 desktop Windows NT 10.0older version
Updated3 Aug 2025
Found 3 results
Loading...
Safari 26.2 desktop macOS 10.15.7
Updated31 Jan 2026
Found 1 result
Loading...