50
50
50
50This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.
const div = document.createElement('div');div.innerHTML='<a href="javascript:$[data1]">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && log('$[data1]='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:&=&">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&=&='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:&=&">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&=&='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:'='">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert(''='='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:*=*">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('*=*='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:=⃥==%E2%83%A5">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('=⃥==%E2%83%A5='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:\=\">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('\=\='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript::=:">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert(':=:='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:,=">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert(',=='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:@=@">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('@=@='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:`=`">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('`=`='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:$=$">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('$=$='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:===">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('===='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:!=!">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('!=!='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:fj=fj">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('fj=fj='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:`=`">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('`=`='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:>=>">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('>=>='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:>=>">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('>=>='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:^=^">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('^=^='+element.href.replace(/^.+?:/,''))div.innerHTML='<a href="javascript:{={">test</a>';0x0D
let element = div.querySelector('a');0x0D
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) && !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('{={='+element.href.replace(/^.+?:/,''))