Characters that can be inserted in the middle of the JS protocol name

Created by: cold-try

Created on: Monday, April 15, 2024 at 1:45:27 AM

Updated on: Tuesday, December 3, 2024 at 12:30:11 PM

Vector type: XSS

Vector charset: UTF-8

Template used:
<a id="0" href="j$[chr]avas$[chr]crip$[chr]t:window">craft-me</a>

Code used after fuzz:
if (document.getElementById("0").protocol === "javascript:") { log($[i]) }

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

<a id="0" href="j avas crip t:window">craft-me</a>

<a id="0" href="j
avas
crip
t:window">craft-me</a>

<a id="0" href="j
avas
crip
t:window">craft-me</a>

Chrome 123.0.0.0 Unknown Unknown

Updated

Mon Apr 15 2024

Found 3 results

Show differences only?

Filter out alphanumeric

Sort ascending

Firefox 124.0 Unknown Unknown

Updated

Mon Apr 15 2024

Found 3 results

Show differences only?

Filter out alphanumeric

Sort ascending

Safari 15.5 Unknown Unknown

Updated

Mon Apr 15 2024

Found 3 results

Show differences only?

Filter out alphanumeric

Sort ascending