HTML entities inside JavaScript URL before colon

Shows which HTML entities are allowed before the colon of a javascript: URL while the browser still parses the link's protocol as javascript:

Created by: hackvertor

Created on: 6/25/2024, 11:58:34 AM

Updated on: 7/13/2024, 10:30:57 PM

Vector type: JS

Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="javascript$[data1]:">test</a>';
div.querySelector('a').protocol === 'javascript:' && log('$[data1]')

Sample payloads

div.innerHTML='<a href="javascript&colon;:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('&colon;')
div.innerHTML='<a href="javascript&NewLine;:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('&NewLine;')
div.innerHTML='<a href="javascript&Tab;:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('&Tab;')

Fuzz results

Chrome 126.0.0.0 desktop macOS 10.15.7
Found 3 results
Data:
&colon;
&NewLine;
&Tab;

Safari 17.4 desktop macOS 10.15.7
Found 3 results
Data:
&colon;
&NewLine;
&Tab;

Firefox 127.0 desktop macOS 10.15
Found 3 results
Data:
&colon;
&NewLine;
&Tab;
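
What these results mean for a link filter, as an added example that is not part of the original page: a check that pattern-matches the raw attribute text misses all three sample values, while a check that decodes entities and then asks a WHATWG URL parser for the scheme rejects them. The function names, the allow-list and the base URL are assumptions made for this illustration.

```javascript
// Constructed sample inputs: the href values from the page's sample payloads.
const SAMPLES = ['javascript&colon;:', 'javascript&NewLine;:', 'javascript&Tab;:'];

// Only the entities from the fuzz results plus numeric references are decoded.
// Assumption: a production filter uses a complete HTML entity decoder instead.
const NAMED = { colon: ':', NewLine: '\n', Tab: '\t' };

function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, ref) => {
    if (ref[0] !== '#') {
      return Object.prototype.hasOwnProperty.call(NAMED, ref) ? NAMED[ref] : match;
    }
    const cp = /^#x/i.test(ref) ? parseInt(ref.slice(2), 16) : parseInt(ref.slice(1), 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
  });
}

// Weak check: looks for the literal scheme in the undecoded attribute text.
function naiveIsSafe(attr) {
  return !/^\s*javascript:/i.test(attr);
}

// Scheme as a URL parser sees it after entity decoding. The WHATWG URL parser
// removes ASCII tab and newline from the input before it reads the scheme.
function parsedProtocol(attr, base = 'https://example.invalid/') { // hypothetical base
  try {
    return new URL(decodeEntities(attr), base).protocol;
  } catch {
    return null; // unparseable values are treated as unsafe by the caller
  }
}

// Hardened check: allow-list on the parsed scheme, never a deny-list on text.
const ALLOWED = new Set(['http:', 'https:', 'mailto:']);
function isSafeHref(attr) {
  const protocol = parsedProtocol(attr);
  return protocol !== null && ALLOWED.has(protocol);
}

for (const value of SAMPLES) {
  console.log(JSON.stringify(value), 'naive:', naiveIsSafe(value),
    'parsed:', parsedProtocol(value), 'hardened:', isSafeHref(value));
}
```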