HTML entities that create ASCII characters inside a JavaScript URL

Safari logo 50
Firefox logo 50
Chrome logo 50

This vector loops through all entities and assigns them to a JavaScript URL and checks if they decode to ASCII characters.

Created by: hackvertor

Created on: Tuesday, June 25, 2024 at 10:13:52 PM

Updated on: Thursday, October 3, 2024 at 12:29:42 AM

Vector type: JS

Code used before fuzz:
const div = document.createElement('div');
Template used:
div.innerHTML='<a href="javascript:$[data1]">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && log('$[data1]='+element.href.replace(/^.+?:/,''))
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML='<a href="javascript:&amp;=&">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&amp;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&AMP;=&">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&AMP;=&='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&apos;='">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&apos;='='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&ast;=*">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&ast;=*='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bne;==%E2%83%A5">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bne;==%E2%83%A5='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&bsol;=\">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&bsol;=\='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&colon;=:">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&colon;=:='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&comma;=">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&comma;=='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&commat;=@">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&commat;=@='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&DiacriticalGrave;=`">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&DiacriticalGrave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&dollar;=$">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&dollar;=$='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&equals;==">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&equals;==='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&excl;=!">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&excl;=!='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&fjlig;=fj">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&fjlig;=fj='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&grave;=`">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&grave;=`='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&gt;=>">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&gt;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&GT;=>">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&GT;=>='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&Hat;=^">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&Hat;=^='+element.href.replace(/^.+?:/,''))
div.innerHTML='<a href="javascript:&lbrace;={">test</a>';
let element = div.querySelector('a');
(element.href==="javascript:"|/:.*[\x00-\x7f]/.test(element.href)) &&  !/^javascript:(%[a-fA-F0-9]{2})+$/.test(element.href) && alert('&lbrace;={='+element.href.replace(/^.+?:/,''))

Fuzz results

Safari logo
Safari 17.4 desktop macOS 10.15.7

Updated

Wed Jun 26 2024
Found 50 results
Data
Data
&amp;=&
Data
&AMP;=&
Data
&apos;='
Data
&ast;=*
Data
&bne;==%E2%83%A5
Data
&bsol;=\
Data
&colon;=:
Data
&comma;=
Data
&commat;=@
Data
&DiacriticalGrave;=`
Data
&dollar;=$
Data
&equals;==
Data
&excl;=!
Data
&fjlig;=fj
Data
&grave;=`
Data
&gt;=>
Data
&GT;=>
Data
&Hat;=^
Data
&lbrace;={
Data
&lbrack;=[
Data
&lcub;={
Data
&lowbar;=_
Data
&lpar;=(
Data
&lsqb;=[
Data
&lt;=<
Data
&LT;=<
Data
&midast;=*
Data
&NewLine;=
Data
&num;=#
Data
&nvgt;=>%E2%83%92
Data
&nvlt;=<%E2%83%92
Data
&percnt;=%
Data
&period;=.
Data
&plus;=+
Data
&quest;=?
Data
&quot;="
Data
&QUOT;="
Data
&rbrace;=}
Data
&rbrack;=]
Data
&rcub;=}
Data
&rpar;=)
Data
&rsqb;=]
Data
&semi;=;
Data
&sol;=/
Data
&Tab;=
Data
&UnderBar;=_
Data
&verbar;=|
Data
&vert;=|
Data
&VerticalLine;=|
Firefox logo
Firefox 127.0 desktop macOS 10.15

Updated

Wed Jun 26 2024
Found 50 results
Data
Data
&amp;=&
Data
&AMP;=&
Data
&apos;='
Data
&ast;=*
Data
&bne;==%E2%83%A5
Data
&bsol;=\
Data
&colon;=:
Data
&comma;=
Data
&commat;=@
Data
&DiacriticalGrave;=`
Data
&dollar;=$
Data
&equals;==
Data
&excl;=!
Data
&fjlig;=fj
Data
&grave;=`
Data
&gt;=>
Data
&GT;=>
Data
&Hat;=^
Data
&lbrace;={
Data
&lbrack;=[
Data
&lcub;={
Data
&lowbar;=_
Data
&lpar;=(
Data
&lsqb;=[
Data
&lt;=<
Data
&LT;=<
Data
&midast;=*
Data
&NewLine;=
Data
&num;=#
Data
&nvgt;=>%E2%83%92
Data
&nvlt;=<%E2%83%92
Data
&percnt;=%
Data
&period;=.
Data
&plus;=+
Data
&quest;=?
Data
&quot;="
Data
&QUOT;="
Data
&rbrace;=}
Data
&rbrack;=]
Data
&rcub;=}
Data
&rpar;=)
Data
&rsqb;=]
Data
&semi;=;
Data
&sol;=/
Data
&Tab;=
Data
&UnderBar;=_
Data
&verbar;=|
Data
&vert;=|
Data
&VerticalLine;=|
Chrome logo
Chrome 126.0.0.0 desktop macOS 10.15.7

Updated

Sat Jun 29 2024
Found 50 results
Data
Data
&amp;=&
Data
&AMP;=&
Data
&apos;='
Data
&ast;=*
Data
&bne;==%E2%83%A5
Data
&bsol;=\
Data
&colon;=:
Data
&comma;=
Data
&commat;=@
Data
&DiacriticalGrave;=`
Data
&dollar;=$
Data
&equals;==
Data
&excl;=!
Data
&fjlig;=fj
Data
&grave;=`
Data
&gt;=>
Data
&GT;=>
Data
&Hat;=^
Data
&lbrace;={
Data
&lbrack;=[
Data
&lcub;={
Data
&lowbar;=_
Data
&lpar;=(
Data
&lsqb;=[
Data
&lt;=<
Data
&LT;=<
Data
&midast;=*
Data
&NewLine;=
Data
&num;=#
Data
&nvgt;=>%E2%83%92
Data
&nvlt;=<%E2%83%92
Data
&percnt;=%
Data
&period;=.
Data
&plus;=+
Data
&quest;=?
Data
&quot;="
Data
&QUOT;="
Data
&rbrace;=}
Data
&rbrack;=]
Data
&rcub;=}
Data
&rpar;=)
Data
&rsqb;=]
Data
&semi;=;
Data
&sol;=/
Data
&Tab;=
Data
&UnderBar;=_
Data
&verbar;=|
Data
&vert;=|
Data
&VerticalLine;=|