Characters that can precede the javascript protocol copy
Characters that can precede the javascript protocol in html
Created by: l4wio
Created on: Saturday, May 18, 2024 at 8:49:52 PM
Updated on: Thursday, July 25, 2024 at 1:13:01 AM
Vector type: XSS
Template used:
<a href="javas$[chr]cript:test.com/" id="test"></a>
Code used after fuzz:
if(document.getElementById("test").protocol=="javascript:"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a href="javas cript:test.com/" id="test"></a>
<a href="javas
cript:test.com/" id="test"></a>
<a href="javas
cript:test.com/" id="test"></a>
Fuzz results
![Chrome logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fchrome.png&w=64&q=75)
Chrome 125.0.0.0 Unknown Unknown
Found 3 results
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
10 | 0a | LF |
Dec | Hex | Chr |
---|---|---|
13 | 0d | CR |