HTML entities inside JavaScript URL before colon
Shows which HTML entities are allowed after colon with the JavaScript protocol
Created by: Gareth Heyes
Created on: 6/25/2024, 11:58:34 AM
Updated on: 6/28/2024, 1:04:11 PM
Vector type: JS
Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="javascript$[data1]:">test</a>';
div.querySelector('a').protocol === 'javascript:' && log('$[data1]')
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Fuzz results
![Chrome logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fchrome.png&w=64&q=75)
Chrome 126.0.0.0 desktop macOS 10.15.7
Found 3 results
Data |
---|
: |
Data |
---|

 |
Data |
---|
	 |
![Safari logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fsafari.png&w=64&q=75)
Safari 17.4 desktop macOS 10.15.7
Found 3 results
Data |
---|
: |
Data |
---|

 |
Data |
---|
	 |
![Firefox logo](/_next/image?url=%2Flogos%2Fbrowsers%2Ffirefox.png&w=64&q=75)
Firefox 127.0 desktop macOS 10.15
Found 3 results
Data |
---|
: |
Data |
---|

 |
Data |
---|
	 |