HTML entities before JavaScript URL

Shows which HTML entities are allowed before the JavaScript protocol

Created on: 6/25/2024, 4:42:13 PM

Updated on: 6/28/2024, 8:11:14 PM

Vector type: JS

Code used before fuzz:
const div = document.createElement('div');

Template used:

div.innerHTML='<a href="$[data1]javascript:">test</a>';
div.querySelector('a').protocol === 'javascript:' && log('$[data1]')

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Fuzz results

Safari 17.5 mobile iOS 17.5.1

Found 2 results

Show differences only?

Data
&NewLine;

Data
&Tab;