HTML entities that create ASCII characters inside a JavaScript URL

This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.

Created by: hackvertor

Created on: 6/25/2024, 10:13:52 PM

Updated on: 7/14/2024, 10:49:52 PM

Vector type: JS

Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="javascript:$[data1]">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && log('$[data1]='+element.href.replace(/^.+?:/,''))
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML='<a href="javascript:&amp;=&">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&amp;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&AMP;=&">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&AMP;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&apos;='">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&apos;='='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&ast;=*">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&ast;=*='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bne;==%E2%83%A5">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bne;==%E2%83%A5='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bsol;=\">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bsol;=\='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&colon;=:">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&colon;=:='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&comma;=">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&comma;=='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&commat;=@">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&commat;=@='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&DiacriticalGrave;=`">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&DiacriticalGrave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&dollar;=$">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&dollar;=$='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&equals;==">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&equals;==='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&excl;=!">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&excl;=!='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&fjlig;=fj">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&fjlig;=fj='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&grave;=`">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&grave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&gt;=>">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&gt;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&GT;=>">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&GT;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&Hat;=^">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&Hat;=^='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lbrace;={">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lbrace;={='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lbrack;=[">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lbrack;=[='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lcub;={">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lcub;={='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lowbar;=_">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lowbar;=_='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lpar;=(">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lpar;=(='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lsqb;=[">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lsqb;=[='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lt;=<">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lt;=<='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&LT;=<">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&LT;=<='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&midast;=*">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&midast;=*='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&NewLine;=">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&NewLine;=='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&num;=#">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&num;=#='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&nvgt;=>%E2%83%92">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&nvgt;=>%E2%83%92='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&nvlt;=<%E2%83%92">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&nvlt;=<%E2%83%92='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&percnt;=%">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&percnt;=%='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&period;=.">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&period;=.='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&plus;=+">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&plus;=+='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&quest;=?">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&quest;=?='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&quot;="">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&quot;="='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&QUOT;="">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&QUOT;="='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&rbrace;=}">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&rbrace;=}='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&rbrack;=]">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&rbrack;=]='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&rcub;=}">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&rcub;=}='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&rpar;=)">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&rpar;=)='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&rsqb;=]">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&rsqb;=]='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&semi;=;">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&semi;=;='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&sol;=/">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&sol;=/='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&Tab;=">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&Tab;=='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&UnderBar;=_">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&UnderBar;=_='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&verbar;=|">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&verbar;=|='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&vert;=|">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&vert;=|='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&VerticalLine;=|">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&VerticalLine;=|='+element.href.replace(/^.+?:/,''))

Fuzz results

Chrome logo
Chrome 126.0.0.0 desktop macOS 10.15.7
Found 50 results
Data
Data
&amp;=&
Data
&AMP;=&
Data
&apos;='
Data
&ast;=*
Data
&bne;==%E2%83%A5
Data
&bsol;=\
Data
&colon;=:
Data
&comma;=
Data
&commat;=@
Data
&DiacriticalGrave;=`
Data
&dollar;=$
Data
&equals;==
Data
&excl;=!
Data
&fjlig;=fj
Data
&grave;=`
Data
&gt;=>
Data
&GT;=>
Data
&Hat;=^
Data
&lbrace;={
Data
&lbrack;=[
Data
&lcub;={
Data
&lowbar;=_
Data
&lpar;=(
Data
&lsqb;=[
Data
&lt;=<
Data
&LT;=<
Data
&midast;=*
Data
&NewLine;=
Data
&num;=#
Data
&nvgt;=>%E2%83%92
Data
&nvlt;=<%E2%83%92
Data
&percnt;=%
Data
&period;=.
Data
&plus;=+
Data
&quest;=?
Data
&quot;="
Data
&QUOT;="
Data
&rbrace;=}
Data
&rbrack;=]
Data
&rcub;=}
Data
&rpar;=)
Data
&rsqb;=]
Data
&semi;=;
Data
&sol;=/
Data
&Tab;=
Data
&UnderBar;=_
Data
&verbar;=|
Data
&vert;=|
Data
&VerticalLine;=|
Firefox logo
Firefox 127.0 desktop macOS 10.15
Found 50 results
Data
Data
&amp;=&
Data
&AMP;=&
Data
&apos;='
Data
&ast;=*
Data
&bne;==%E2%83%A5
Data
&bsol;=\
Data
&colon;=:
Data
&comma;=
Data
&commat;=@
Data
&DiacriticalGrave;=`
Data
&dollar;=$
Data
&equals;==
Data
&excl;=!
Data
&fjlig;=fj
Data
&grave;=`
Data
&gt;=>
Data
&GT;=>
Data
&Hat;=^
Data
&lbrace;={
Data
&lbrack;=[
Data
&lcub;={
Data
&lowbar;=_
Data
&lpar;=(
Data
&lsqb;=[
Data
&lt;=<
Data
&LT;=<
Data
&midast;=*
Data
&NewLine;=
Data
&num;=#
Data
&nvgt;=>%E2%83%92
Data
&nvlt;=<%E2%83%92
Data
&percnt;=%
Data
&period;=.
Data
&plus;=+
Data
&quest;=?
Data
&quot;="
Data
&QUOT;="
Data
&rbrace;=}
Data
&rbrack;=]
Data
&rcub;=}
Data
&rpar;=)
Data
&rsqb;=]
Data
&semi;=;
Data
&sol;=/
Data
&Tab;=
Data
&UnderBar;=_
Data
&verbar;=|
Data
&vert;=|
Data
&VerticalLine;=|
Safari logo
Safari 17.4 desktop macOS 10.15.7
Found 50 results
Data
Data
&amp;=&
Data
&AMP;=&
Data
&apos;='
Data
&ast;=*
Data
&bne;==%E2%83%A5
Data
&bsol;=\
Data
&colon;=:
Data
&comma;=
Data
&commat;=@
Data
&DiacriticalGrave;=`
Data
&dollar;=$
Data
&equals;==
Data
&excl;=!
Data
&fjlig;=fj
Data
&grave;=`
Data
&gt;=>
Data
&GT;=>
Data
&Hat;=^
Data
&lbrace;={
Data
&lbrack;=[
Data
&lcub;={
Data
&lowbar;=_
Data
&lpar;=(
Data
&lsqb;=[
Data
&lt;=<
Data
&LT;=<
Data
&midast;=*
Data
&NewLine;=
Data
&num;=#
Data
&nvgt;=>%E2%83%92
Data
&nvlt;=<%E2%83%92
Data
&percnt;=%
Data
&period;=.
Data
&plus;=+
Data
&quest;=?
Data
&quot;="
Data
&QUOT;="
Data
&rbrace;=}
Data
&rbrack;=]
Data
&rcub;=}
Data
&rpar;=)
Data
&rsqb;=]
Data
&semi;=;
Data
&sol;=/
Data
&Tab;=
Data
&UnderBar;=_
Data
&verbar;=|
Data
&vert;=|
Data
&VerticalLine;=|