Shazzer logo
Login

HTML entities that create ASCII characters inside a JavaScript URL

Chrome logo 50
Firefox logo 50
Edge logo 50
Safari logo 50

This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.

hackvertor
Created byhackvertor
Created Jun 25, 2024
Updated May 28, 2025

Tweet
Detecting browser...
CategoryEntity Parsing
VisibilityPublic
TypeJS
CharsetUTF-8
$[data1] placeholderhtml_entities
Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="javascript:$[data1]">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && log('$[data1]='+element.href.replace(/^.+?:/,''))

Sample payloads

div.innerHTML='<a href="javascript:&amp;=&">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&amp;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&AMP;=&">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&AMP;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&apos;='">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&apos;='='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&ast;=*">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&ast;=*='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bne;==%E2%83%A5">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bne;==%E2%83%A5='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bsol;=\">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bsol;=\='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&colon;=:">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&colon;=:='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&comma;=">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&comma;=='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&commat;=@">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&commat;=@='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&DiacriticalGrave;=`">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&DiacriticalGrave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&dollar;=$">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&dollar;=$='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&equals;==">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&equals;==='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&excl;=!">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&excl;=!='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&fjlig;=fj">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&fjlig;=fj='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&grave;=`">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&grave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&gt;=>">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&gt;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&GT;=>">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&GT;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&Hat;=^">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&Hat;=^='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lbrace;={">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lbrace;={='+element.href.replace(/^.+?:/,''))

Fuzz results

Chrome logo
Chrome 144.0.0.0 desktop macOS 10.15.7

Updated

Fri Jan 30 2026
Found 50 results
Loading...
Firefox logo
Firefox 147.0 desktop Windows NT 10.0

Updated

Thu Jan 29 2026
Found 50 results
Loading...
Firefox logo
Firefox 127.0 desktop macOS 10.15older version

Updated

Wed Jun 26 2024
Found 50 results
Loading...
Edge logo
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0

Updated

Fri Jan 30 2026
Found 50 results
Loading...
Safari logo
Safari 17.4 desktop macOS 10.15.7

Updated

Wed Jun 26 2024
Found 50 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.