HTML entities before JavaScript URL
Shows which HTML entities are allowed before the JavaScript protocol
Created by: Gareth Heyes
Created on: 6/25/2024, 4:42:13 PM
Updated on: 6/28/2024, 8:11:14 PM
Vector type: JS
Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="$[data1]javascript:">test</a>';
div.querySelector('a').protocol === 'javascript:' && log('$[data1]')
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Fuzz results
Safari 17.5 mobile iOS 17.5.1
Found 2 results
Data |
---|

 |
Data |
---|
	 |