HTML entities that create ASCII characters inside a JavaScript URL

Safari logo 50
Firefox logo 50
Chrome logo 50

This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.

Created by: hackvertor

Created on: Tuesday, June 25, 2024 at 10:13:52 PM

Updated on: Saturday, December 21, 2024 at 10:04:46 AM

Vector type: JS

Vector charset: UTF-8

Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="javascript:$[data1]">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && log('$[data1]='+element.href.replace(/^.+?:/,''))
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML='<a href="javascript:&amp;=&">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&amp;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&AMP;=&">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&AMP;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&apos;='">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&apos;='='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&ast;=*">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&ast;=*='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bne;==%E2%83%A5">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bne;==%E2%83%A5='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bsol;=\">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bsol;=\='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&colon;=:">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&colon;=:='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&comma;=">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&comma;=='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&commat;=@">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&commat;=@='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&DiacriticalGrave;=`">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&DiacriticalGrave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&dollar;=$">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&dollar;=$='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&equals;==">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&equals;==='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&excl;=!">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&excl;=!='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&fjlig;=fj">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&fjlig;=fj='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&grave;=`">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&grave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&gt;=>">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&gt;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&GT;=>">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&GT;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&Hat;=^">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&Hat;=^='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lbrace;={">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lbrace;={='+element.href.replace(/^.+?:/,''))

Fuzz results

Safari logo
Safari 17.4 desktop macOS 10.15.7

Updated

Wed Jun 26 2024
Found 50 results
Loading...
Firefox logo
Firefox 127.0 desktop macOS 10.15

Updated

Wed Jun 26 2024
Found 50 results
Loading...
Chrome logo
Chrome 126.0.0.0 desktop macOS 10.15.7

Updated

Sat Jun 29 2024
Found 50 results
Loading...