Entities allowed after slashes on a protocol relative URL

Whitespace can be placed after the slashes of a protocol-relative URL; this vector finds out which entities can be placed after them.

Created by: hackvertor

Created on: 7/6/2024, 11:50:39 AM

Updated on: 7/11/2024, 2:17:35 AM

Vector type: JS

Code used before fuzz:
const div = document.createElement('div')
Template used:
div.innerHTML='<a href="//$[data1]example.com">';
if(div.querySelector('a').host === 'example.com') {
   log('$[data1]');
}

Sample payloads

div.innerHTML='<a href="//&bsol;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&bsol;');
}
div.innerHTML='<a href="//&commat;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&commat;');
}
div.innerHTML='<a href="//&NegativeMediumSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeMediumSpace;');
}
div.innerHTML='<a href="//&NegativeThickSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeThickSpace;');
}
div.innerHTML='<a href="//&NegativeThinSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeThinSpace;');
}
div.innerHTML='<a href="//&NegativeVeryThinSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeVeryThinSpace;');
}
div.innerHTML='<a href="//&NewLine;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NewLine;');
}
div.innerHTML='<a href="//&NoBreak;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NoBreak;');
}
div.innerHTML='<a href="//&shy;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&shy;');
}
div.innerHTML='<a href="//&sol;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&sol;');
}
div.innerHTML='<a href="//&Tab;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&Tab;');
}
div.innerHTML='<a href="//&ZeroWidthSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&ZeroWidthSpace;');
}
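
A defensive reading of this vector, as an added example that is not part of the Shazzer page: a filter that expects a hostname character right after `//` accepts every value below as local, while a check that resolves the value with the WHATWG URL parser and compares origins rejects all of them. The base URL `https://site.test/app/` and the function names are assumptions; the sample values are constructed from the characters that the 12 entities on this page decode to.

```javascript
// Added example: BASE, the function names and the sample list are assumptions.
const BASE = 'https://site.test/app/'; // hypothetical page the link appears on

// Characters the page's 12 entities decode to (constructed sample input).
const DECODED = {
  '&bsol;': '\\', '&commat;': '@', '&sol;': '/',
  '&Tab;': '\t', '&NewLine;': '\n',
  '&shy;': '\u00AD', '&NoBreak;': '\u2060',
  '&ZeroWidthSpace;': '\u200B', '&NegativeMediumSpace;': '\u200B',
  '&NegativeThickSpace;': '\u200B', '&NegativeThinSpace;': '\u200B',
  '&NegativeVeryThinSpace;': '\u200B',
};

// Weak check: a value counts as off-site only when "//" (optionally after a
// scheme) is followed directly by a letter or digit.
function naiveIsLocal(href) {
  return !/^(?:[a-z][a-z0-9+.-]*:)?\/\/[a-z0-9]/i.test(href);
}

// Parser-based check: resolve the value against the page URL the way a
// browser does and compare origins. A value that fails to parse is rejected.
function isLocal(href, base = BASE) {
  try {
    return new URL(href, base).origin === new URL(base).origin;
  } catch {
    return false;
  }
}

// Run both checks over "//<char>example.com" for every decoded character.
function audit() {
  return Object.entries(DECODED).map(([entity, ch]) => {
    const href = '//' + ch + 'example.com';
    return { entity, naive: naiveIsLocal(href), parsed: isLocal(href) };
  });
}

for (const row of audit()) {
  console.log(row.entity.padEnd(24), 'naive local:', row.naive, '| parsed local:', row.parsed);
}
```

The HTML parser decodes the entity before the URL parser sees the attribute value, so any server-side or sanitizer check has to run on the decoded value.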

Fuzz results

Safari 17.5 mobile iOS 17.5.1
Found 12 results
&bsol;
&commat;
&NegativeMediumSpace;
&NegativeThickSpace;
&NegativeThinSpace;
&NegativeVeryThinSpace;
&NewLine;
&NoBreak;
&shy;
&sol;
&Tab;
&ZeroWidthSpace;

Chrome 126.0.0.0 desktop macOS 10.15.7
Found 12 results
&bsol;
&commat;
&NegativeMediumSpace;
&NegativeThickSpace;
&NegativeThinSpace;
&NegativeVeryThinSpace;
&NewLine;
&NoBreak;
&shy;
&sol;
&Tab;
&ZeroWidthSpace;

Firefox 127.0 desktop macOS 10.15
Found 12 results
&bsol;
&commat;
&NegativeMediumSpace;
&NegativeThickSpace;
&NegativeThinSpace;
&NegativeVeryThinSpace;
&NewLine;
&NoBreak;
&shy;
&sol;
&Tab;
&ZeroWidthSpace;