Shazzer logo
Login

HTML entities that create ASCII characters inside a JavaScript URL

Chrome logo 50
Firefox logo 50
Edge logo 50
Safari logo 50

This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.

hackvertor
Created byhackvertor
Created Jun 25, 2024
Updated May 28, 2025

Tweet
Detecting browser...
CategoryEntity Parsing
VisibilityPublic
TypeJS
CharsetUTF-8
$[data1] placeholderhtml_entities
Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="javascript:$[data1]">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && log('$[data1]='+element.href.replace(/^.+?:/,''))

Sample payloads

div.innerHTML='<a href="javascript:&amp;=&">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&amp;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&AMP;=&">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&AMP;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&apos;='">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&apos;='='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&ast;=*">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&ast;=*='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bne;==%E2%83%A5">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bne;==%E2%83%A5='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bsol;=\">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bsol;=\='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&colon;=:">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&colon;=:='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&comma;=">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&comma;=='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&commat;=@">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&commat;=@='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&DiacriticalGrave;=`">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&DiacriticalGrave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&dollar;=$">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&dollar;=$='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&equals;==">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&equals;==='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&excl;=!">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&excl;=!='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&fjlig;=fj">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&fjlig;=fj='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&grave;=`">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&grave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&gt;=>">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&gt;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&GT;=>">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&GT;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&Hat;=^">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&Hat;=^='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lbrace;={">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lbrace;={='+element.href.replace(/^.+?:/,''))

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 50 results
Loading...
Chrome logo
Chrome 144.0.0.0 desktop macOS 10.15.7older version
Updated30 Jan 2026
Found 50 results
Loading...
Firefox logo
Firefox 147.0 desktop Windows NT 10.0
Updated29 Jan 2026
Found 50 results
Loading...
Firefox logo
Firefox 127.0 desktop macOS 10.15older version
Updated26 Jun 2024
Found 50 results
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated30 Jan 2026
Found 50 results
Loading...
Safari logo
Safari 17.4 desktop macOS 10.15.7
Updated26 Jun 2024
Found 50 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.