Characters that can be inserted in the middle of the JS protocol name

/

Created by: Rachid.A

Created on: 4/15/2024, 1:45:27 AM

Updated on: 6/12/2024, 9:19:04 AM

Vector type: XSS

Template used:
<a id="0" href="j$[chr]avas$[chr]crip$[chr]t:window">craft-me</a>
Code used after fuzz:
if (document.getElementById("0").protocol === "javascript:") { log($[i]) }
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Fuzz results

Chrome logo
Chrome 123.0.0.0 Unknown Unknown
Found 3 results
DecHexChr
909HT
DecHexChr
100aLF
DecHexChr
130dCR
Firefox logo
Firefox 124.0 Unknown Unknown
Found 3 results
DecHexChr
909HT
DecHexChr
100aLF
DecHexChr
130dCR
Safari logo
Safari 15.5 Unknown Unknown
Found 3 results
DecHexChr
909HT
DecHexChr
100aLF
DecHexChr
130dCR