6:["$","div",null,{"className":"flex flex-col lg:flex-row","children":["$","div",null,{"children":[["$","div",null,{"className":"grid grid-cols-1 md:grid-cols-2 xl:grid-cols-2 gap-3","children":[["$","div",null,{"children":[["$","div",null,{"className":"mb-4","children":[["$","h1",null,{"className":"text-3xl font-bold break-words tracking-tight","children":"Characters allowed in between start of HTML tag name and event handler"}],["$","div",null,{"className":"flex flex-col gap-2","children":[false,["$","div",null,{"className":"flex flex-row","children":[["$","div","browserIcon0",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Chrome 148.0.0.0 - Updated 10d ago","children":[["$","$L16",null,{"src":"/logos/browsers/chrome.png","width":32,"height":32,"alt":"Chrome logo","className":"","priority":true}]," ",false," ",false," ",false," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"6"}]]}],["$","div","browserIcon1",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Firefox 150.0 - Updated 10d ago","children":[false," ",["$","$L16",null,{"src":"/logos/browsers/firefox.png","width":32,"height":32,"alt":"Firefox logo","className":"","priority":true}]," ",false," ",false," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"6"}]]}],["$","div","browserIcon2",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Microsoft Edge 146.0.0.0 - Updated 4d ago","children":[false," ",false," ",false," ",["$","$L16",null,{"src":"/logos/browsers/edge.png","width":32,"height":32,"alt":"Edge logo","className":"","priority":true}]," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"6"}]]}],["$","div","browserIcon3",{"className":"mt-5 mr-5 relative inline-block tooltip tooltip-bottom","data-tip":"Safari 26.0.1 - Updated 20d ago","children":[false," ",false," ",["$","$L16",null,{"src":"/logos/browsers/safari.png","width":32,"height":32,"alt":"Safari logo","className":"","priority":true}]," ",false," ",["$","span",null,{"className":"badge badge-secondary absolute top-0 right-0 translate-x-1/2 -translate-y-1/2","children":"6"}]]}]]}]]}]]}],["$","p",null,{"className":"text-base-content/80 break-words leading-relaxed mb-6","children":"Characters allowed in between start of HTML tag name and event handler"}],["$","div",null,{"className":"flex items-center gap-3 mb-6 p-3 bg-base-200 rounded-lg w-fit","children":[["$","div",null,{"className":"avatar","children":["$","div",null,{"className":"w-10 rounded-full","children":["$","$L16",null,{"src":"https://avatars.githubusercontent.com/u/84903531?v=4","width":40,"height":40,"alt":"AyushXtha","className":"rounded-full"}]}]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide","children":"Created by"}],["$","$L1b","68a571bf957c1dfbadd7a7ee",{"href":"/profile?id=68a571bf957c1dfbadd7a7ee","className":"link link-hover font-semibold","children":"AyushXtha"}]]}],null]}],["$","div",null,{"className":"flex flex-wrap gap-4 text-sm text-base-content/70 mb-6","children":[["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M8 7V3m8 4V3m-9 8h10M5 21h14a2 2 0 002-2V7a2 2 0 00-2-2H5a2 2 0 00-2 2v12a2 2 0 002 2z"}]}],["$","span",null,{"children":["Created"," ","Mar 4, 2026"]}]]}],["$","div",null,{"className":"flex items-center gap-2","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M4 4v5h.582m15.356 2A8.001 8.001 0 004.582 9m0 0H9m11 11v-5h-.581m0 0a8.003 8.003 0 01-15.357-2m15.357 2H15"}]}],["$","span",null,{"children":["Updated"," ","Mar 4, 2026"]}]]}]]}],["$","div",null,{"className":"space-y-4","children":[["$","div",null,{"className":"flex flex-wrap gap-2","children":[["$","$L1c",null,{"data1":"","data2":"","end":65535,"initCode":"","afterCode":"document.getElementById('test') && log(i)","template":"","mode":"XSS","csrfToken":"AAhrOPR6oeYN9JNplLHBKPfWYA6RnaPfMMTKf7gz","charset":"UTF-8"}],["$","$L1d",null,{"start":0,"end":65535,"autofuzz":false,"template":"","vectorType":"XSS","fuzzToken":"4416105b77f787f13c521fdc03ffb491","initCode":"","afterCode":"document.getElementById('test') && log(i)","data1":"","data2":"","csrfToken":"AAhrOPR6oeYN9JNplLHBKPfWYA6RnaPfMMTKf7gz","id":"69a7d16e1183f081dabe73fc","doRedirect":true,"charset":"UTF-8"}]]}],["$","div",null,{"className":"divider my-2"}],["$","div",null,{"className":"flex flex-wrap items-center gap-2","children":[["$","button",null,{"type":"button","className":"btn btn-secondary","disabled":true,"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M11 5H6a2 2 0 00-2 2v11a2 2 0 002 2h11a2 2 0 002-2v-5m-1.414-9.414a2 2 0 112.828 2.828L11.828 15H9v-2.828l8.586-8.586z"}]}],"Edit"]}],["$","$L1b",null,{"href":"/vectors/new/?id=69a7d16e1183f081dabe73fc","children":["$","button",null,{"type":"button","className":"btn btn-secondary","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","className":"h-4 w-4","fill":"none","viewBox":"0 0 24 24","stroke":"currentColor","children":["$","path",null,{"strokeLinecap":"round","strokeLinejoin":"round","strokeWidth":2,"d":"M8 16H6a2 2 0 01-2-2V6a2 2 0 012-2h8a2 2 0 012 2v2m-6 12h8a2 2 0 002-2v-8a2 2 0 00-2-2h-8a2 2 0 00-2 2v8a2 2 0 002 2z"}]}],"Fork"]}]}],["$","$L1e",null,{"fuzzToken":"4416105b77f787f13c521fdc03ffb491"}],["$","$L1f",null,{"text":"Characters allowed in between start of HTML tag name and event handler"}],["$","$L20",null,{"disabled":true,"toggleLike":"$h21","id":"69a7d16e1183f081dabe73fc","likeCount":1,"currentLikeStatus":false,"csrfToken":"AAhrOPR6oeYN9JNplLHBKPfWYA6RnaPfMMTKf7gz"}],null]}]]}]]}],["$","div",null,{"children":[["$","div",null,{"className":"mb-5","children":["$","$L22",null,{}]}],["$","div",null,{"className":"bg-base-200 rounded-lg p-4 mb-5","children":["$","div",null,{"className":"flex flex-wrap gap-3 lg:grid lg:grid-cols-2 justify-items-start","children":[["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Category"}],["$","span",null,{"className":"badge badge-primary","children":"HTML Parsing"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Visibility"}],["$","span",null,{"className":"badge badge-primary","children":"Public"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Type"}],["$","span",null,{"className":"badge badge-primary","children":"XSS"}]]}],["$","div",null,{"className":"flex flex-col","children":[["$","span",null,{"className":"text-xs text-base-content/60 uppercase tracking-wide mb-1","children":"Charset"}],["$","span",null,{"className":"badge badge-primary","children":"UTF-8"}]]}],"",""]}]}],"",["$","div",null,{"className":"mb-5","children":["Template used:",["$","br",null,{}],["$","$L23",null,{"code":"","language":"markup","maxHeight":"300px"}]]}],["$","div",null,{"className":"mb-5","children":["Code used after fuzz:",["$","br",null,{}],["$","$L23",null,{"code":"document.getElementById('test') && log(i)","language":"javascript","maxHeight":"300px"}]]}]]}]]}],["$","div",null,{"className":"mt-5 overflow-x-visible overflow-y-auto max-h-[300px] w-full border-t border-slate-700 p-5","children":[["$","h2",null,{"className":"text-xl font-bold mb-3","children":"Sample payloads"}],["$","div",null,{"className":"flex gap-2","children":[["$","$L24",null,{"text":"Copy payloads to clipboard","data":"\n\n\n\n\n "}],["$","$L25",null,{"vector":{"id":"69a7d16e1183f081dabe73fc","visibility":"Public","privatePrefixToken":"c7a5fcb86e","category":"HTML Parsing","initCode":"","afterCode":"document.getElementById('test') && log(i)","description":"Characters allowed in between start of HTML tag name and event handler","name":"Characters allowed in between start of HTML tag name and event handler","type":"XSS","data1":"","data2":"","charset":"UTF-8","vector":"","viewed":0,"fuzzToken":"4416105b77f787f13c521fdc03ffb491","createdAt":"$D2026-03-04T06:30:06.087Z","updatedAt":"$D2026-03-04T06:30:06.087Z","userId":"68a571bf957c1dfbadd7a7ee","User":{"id":"68a571bf957c1dfbadd7a7ee","name":"Ayush Shrestha","username":"AyushXtha","image":"https://avatars.githubusercontent.com/u/84903531?v=4"}},"payloads":["","","","","",""]}]]}],["$","div",null,{"className":"grid grid-cols-1 md:grid-cols-2 xl:grid-cols-2 gap-3 mt-5","children":["$","$L26",null,{"vector":"$27","fuzzResults":[{"id":"69b65a8caca9cfd49ad0603f","vectorId":"69a7d16e1183f081dabe73fc","charset":"UTF-8","browser":"Chrome","version":"148.0.0.0","platform":"desktop","os":"Windows NT 10.0","characters":"9,10,12,13,32,47","userId":"68a571bf957c1dfbadd7a7ee","createdAt":"$D2026-03-15T07:06:52.009Z","updatedAt":"$D2026-03-15T07:08:52.929Z"},{"id":"69af137a01ba39a8fe365e10","vectorId":"69a7d16e1183f081dabe73fc","charset":"UTF-8","browser":"Chrome","version":"145.0.0.0","platform":"desktop","os":"Linux","characters":"9,10,12,13,32,47","userId":"68a571bf957c1dfbadd7a7ee","createdAt":"$D2026-03-09T18:37:46.973Z","updatedAt":"$D2026-03-09T18:37:46.973Z"},{"id":"69a8f9aec8ee5a79033d1170","vectorId":"69a7d16e1183f081dabe73fc","charset":"UTF-8","browser":"Firefox","version":"148.0","platform":"desktop","os":"Linux Unknown","characters":"9,10,12,13,32,47","userId":"68a571bf957c1dfbadd7a7ee","createdAt":"$D2026-03-05T03:34:06.186Z","updatedAt":"$D2026-03-05T03:34:24.187Z"},{"id":"69a8f0ed16937eb982d59816","vectorId":"69a7d16e1183f081dabe73fc","charset":"UTF-8","browser":"Microsoft Edge","version":"146.0.0.0","platform":"desktop","os":"Windows NT 10.0","characters":"9,10,12,13,32,47","userId":"68a571bf957c1dfbadd7a7ee","createdAt":"$D2026-03-05T02:56:45.795Z","updatedAt":"$D2026-03-21T01:31:53.094Z"},{"id":"69a890445687270ecf80d678","vectorId":"69a7d16e1183f081dabe73fc","charset":"UTF-8","browser":"Safari","version":"26.0.1","platform":"mobile","os":"iOS 18.7","characters":"9,10,12,13,32,47","userId":"68a571bf957c1dfbadd7a7ee","createdAt":"$D2026-03-04T20:04:20.719Z","updatedAt":"$D2026-03-04T20:04:20.719Z"},{"id":"69a7d1d1aa76e6b617973a19","vectorId":"69a7d16e1183f081dabe73fc","charset":"UTF-8","browser":"Firefox","version":"150.0","platform":"desktop","os":"macOS 10.15","characters":"9,10,12,13,32,47","userId":"68a571bf957c1dfbadd7a7ee","createdAt":"$D2026-03-04T06:31:45.649Z","updatedAt":"$D2026-03-14T13:53:01.267Z"},{"id":"69a7d1731183f081dabe73fd","vectorId":"69a7d16e1183f081dabe73fc","charset":"UTF-8","browser":"Chrome","version":"146.0.0.0","platform":"desktop","os":"macOS 10.15.7","characters":"9,10,12,13,32,47","userId":"68a571bf957c1dfbadd7a7ee","createdAt":"$D2026-03-04T06:30:11.071Z","updatedAt":"$D2026-03-09T18:38:48.970Z"}],"limit":20}]}]]}],["$","div",null,{"className":"mt-5 border-t border-slate-700 p-5","children":[["$","h2",null,{"className":"text-xl font-bold mb-3","children":"Fuzz results"}],["$","$L29",null,{"fuzzResults":"$2a","highlights":[],"vector":"$27"}]]}]]}]}]

Characters allowed in between start of HTML tag name and event handler

Sample payloads

Fuzz results

Distributed Fuzzing