Shazzer logo

    Entities allowed after slashes on a protocol relative URL

    Safari logo 12
    Chrome logo 12
    Firefox logo 12

    You can place whitespace after slashes, this vector finds out what entities you can place after them.

    Created by: hackvertor

    Created on: Saturday, July 6, 2024 at 11:50:39 AM

    Updated on: Wednesday, November 20, 2024 at 8:36:43 PM

    Vector type: JS

    Vector charset: UTF-8

    Code used before fuzz:
    const div = document.createElement('div')
    Template used:
    div.innerHTML='<a href="//$[data1]example.com">';
if(div.querySelector('a').host === 'example.com') {
   log('$[data1]');
}
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    div.innerHTML='<a href="//&bsol;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&bsol;');
}
    div.innerHTML='<a href="//&commat;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&commat;');
}
    div.innerHTML='<a href="//&NegativeMediumSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeMediumSpace;');
}
    div.innerHTML='<a href="//&NegativeThickSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeThickSpace;');
}
    div.innerHTML='<a href="//&NegativeThinSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeThinSpace;');
}
    div.innerHTML='<a href="//&NegativeVeryThinSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeVeryThinSpace;');
}
    div.innerHTML='<a href="//&NewLine;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NewLine;');
}
    div.innerHTML='<a href="//&NoBreak;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NoBreak;');
}
    div.innerHTML='<a href="//&shy;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&shy;');
}
    div.innerHTML='<a href="//&sol;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&sol;');
}
    div.innerHTML='<a href="//&Tab;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&Tab;');
}
    div.innerHTML='<a href="//&ZeroWidthSpace;example.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&ZeroWidthSpace;');
}

    Fuzz results

    Safari logo
    Safari 17.5 mobile iOS 17.5.1

    Updated

    Sat Jul 06 2024
    Found 12 results
    Loading...
    Chrome logo
    Chrome 126.0.0.0 desktop macOS 10.15.7

    Updated

    Sat Jul 06 2024
    Found 12 results
    Loading...
    Firefox logo
    Firefox 127.0 desktop macOS 10.15

    Updated

    Sat Jul 06 2024
    Found 12 results
    Loading...