Entities allowed after slashes on a protocol relative URL

⚠ Browser differences

You can place whitespace after slashes, this vector finds out what entities you can place after them.

Shazzer Elite

Created byhackvertor

Created Jul 6, 2024

Updated May 27, 2025

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeJS

CharsetUTF-8

$[data1] placeholderhtml_entities

Code used before fuzz:

const div = document.createElement('div')

Template used:

div.innerHTML='<a href="//$[data1]example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   log('$[data1]');0x0D
}

Sample payloads

div.innerHTML='<a href="//&af;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&af;');0x0D
}

div.innerHTML='<a href="//&ApplyFunction;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&ApplyFunction;');0x0D
}

div.innerHTML='<a href="//&bsol;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&bsol;');0x0D
}

div.innerHTML='<a href="//&commat;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&commat;');0x0D
}

div.innerHTML='<a href="//&ic;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&ic;');0x0D
}

div.innerHTML='<a href="//&InvisibleComma;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&InvisibleComma;');0x0D
}

div.innerHTML='<a href="//&InvisibleTimes;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&InvisibleTimes;');0x0D
}

div.innerHTML='<a href="//&it;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&it;');0x0D
}

div.innerHTML='<a href="//&NegativeMediumSpace;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NegativeMediumSpace;');0x0D
}

div.innerHTML='<a href="//&NegativeThickSpace;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NegativeThickSpace;');0x0D
}

div.innerHTML='<a href="//&NegativeThinSpace;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NegativeThinSpace;');0x0D
}

div.innerHTML='<a href="//&NegativeVeryThinSpace;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NegativeVeryThinSpace;');0x0D
}

div.innerHTML='<a href="//&NewLine;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NewLine;');0x0D
}

div.innerHTML='<a href="//&NoBreak;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NoBreak;');0x0D
}

div.innerHTML='<a href="//&shy;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&shy;');0x0D
}

div.innerHTML='<a href="//&sol;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&sol;');0x0D
}

div.innerHTML='<a href="//&Tab;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&Tab;');0x0D
}

div.innerHTML='<a href="//&ZeroWidthSpace;example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&ZeroWidthSpace;');0x0D
}

Distributed Fuzzing

Entities allowed after slashes on a protocol relative URL

Sample payloads

Fuzz results