Valid characters before domain 1

⚠ Browser differences

Import from old 1

Created Apr 10, 2024

Updated May 23, 2025

Detecting browser...

CategoryURL Handling

VisibilityPublic

TypeXSS

CharsetUTF-8

Template used:

<a href="https://$[chr]example.com/" id="test$[i]"></a>

Code used after fuzz:

if(document.getElementById("test$[i]").host=="example.com"){log($[i])}

Sample payloads

<a href="https://0x09example.com/" id="test9"></a>

<a href="https://
example.com/" id="test10"></a>

<a href="https://0x0Dexample.com/" id="test13"></a>

<a href="https:///example.com/" id="test47"></a>

<a href="https://@example.com/" id="test64"></a>

<a href="https://\example.com/" id="test92"></a>

<a href="https://example.com/" id="test173"></a>

<a href="https://͏example.com/" id="test847"></a>

<a href="https://ᅟexample.com/" id="test4447"></a>

<a href="https://ᅠexample.com/" id="test4448"></a>

<a href="https://឴example.com/" id="test6068"></a>

<a href="https://឵example.com/" id="test6069"></a>

<a href="https://᠋example.com/" id="test6155"></a>

<a href="https://᠌example.com/" id="test6156"></a>

<a href="https://᠍example.com/" id="test6157"></a>

<a href="https://᠎example.com/" id="test6158"></a>

<a href="https://᠏example.com/" id="test6159"></a>

<a href="https://example.com/" id="test8203"></a>

<a href="https://⁠example.com/" id="test8288"></a>

<a href="https://⁡example.com/" id="test8289"></a>