HTML entities before JavaScript URL
Shows which HTML entities are allowed before the JavaScript protocol
Created by: hackvertor
Created on: Tuesday, June 25, 2024 at 4:42:13 PM
Updated on: Friday, December 13, 2024 at 3:26:46 PM
Vector type: JS
Vector charset: UTF-8
Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="$[data1]javascript:">test</a>';
div.querySelector('a').protocol === 'javascript:' && log('$[data1]')
Sample payloads
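// The character before "javascript:" is written as a JS escape (\t = tab, \n = line feed) so each payload is a valid single-line string.
div.innerHTML='<a href="\tjavascript:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('\t')
div.innerHTML='<a href="\njavascript:">test</a>';
div.querySelector('a').protocol === 'javascript:' && alert('\n')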
Fuzz results
Safari 17.5 mobile iOS 17.5.1
Updated
Tue Jun 25 2024
Found 2 results
Chrome 131.0.0.0 desktop Windows NT 10.0
Updated
Sun Nov 17 2024
Found 2 results