1. All html tags and attributes.
2. Send code to Firebug.
3. Lowercase, Uppercase, Random case for tags, events and attributes.
4. You can now specify the character range.
5. Fuzzing of HTML tags.
6. Backticks in the quote style.

I shall sort them out tonight, I’m going to store the results of any javascript execution as well. Then I can provide a table for everyone to see.

But - some more suggestions:
- src and rel attributes are missing
- object, embed and style tags are missing
- all-option for tags and quotes would be cool
- quotes are missing backticks
- if ’show code’ could probe for firebug and show the code in the console it would be awesome for copy&paste issues

Great work - it’s becoming really useable!

Greetings,
.mario

It’s worked 3 times for me using the following:
1.
<body ‘onload=”alert(1);” class=”javascript:alert(2);”>test</body>
2.
<body “onload=”alert(1);” class=”javascript:alert(2);”>test</body>
3. Character number : 13 before the handler

Yeah I’ll change the way it outputs and allow 50 results. Good suggestions thanks

I’ve not looked at the Mozilla one yet, I’ll check it out though.

Expect an update soon

nice tool! But why not displaying more than one result - it’s pretty annoying that one has to click over and over again. I think displaying 20 - 50 results would be cool.

Also it would be great not to work with alert() but with row coloring. Just overwrite alert to color the table row green where it’s originating or sth similar.

BTW: Have you tried the mozilla fuzzer? It’s pretty cool and it would enrich you fuzzer if you’d add maybe another tab with the fuzzer output from Rhino - also limited to 20-50 statements.

What do you think?

Greetings,
.mario