HTML entities inside JavaScript URL before colon

Shows which HTML entities are allowed after colon with the JavaScript protocol

Created by: hackvertor

Created on: Tuesday, June 25, 2024 at 11:58:34 AM

Updated on: Monday, October 21, 2024 at 4:17:25 AM

Vector type: JS

Code used before fuzz:
const div = document.createElement('div');

Template used:

div.innerHTML='<a href="javascript$[data1]:">test</a>';
div.querySelector('a').protocol === 'javascript:' && log('$[data1]')

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML='<a href="javascript&Tab;:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('&Tab;')

div.innerHTML='<a href="javascript&NewLine;:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('&NewLine;')

div.innerHTML='<a href="javascript&colon;:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('&colon;')

Safari 17.4 desktop macOS 10.15.7

Updated

Tue Jun 25 2024

Found 3 results

Show differences only?

Filter out alphanumeric

Sort ascending

Data
&colon;

Data
&NewLine;

Data
&Tab;

Firefox 127.0 desktop macOS 10.15

Updated

Tue Jun 25 2024

Found 3 results

Show differences only?

Filter out alphanumeric

Sort ascending

Data
&colon;

Data
&NewLine;

Data
&Tab;

Chrome 126.0.0.0 desktop macOS 10.15.7

Updated

Wed Jun 26 2024

Found 3 results

Show differences only?

Filter out alphanumeric

Sort ascending

Data
&colon;

Data
&NewLine;

Data
&Tab;