Entities allowed inside host

This vector shows which entities are ignored inside the host name.

Created by: hackvertor

Created on: Saturday, July 6, 2024 at 1:45:38 PM

Updated on: Wednesday, November 20, 2024 at 8:36:44 PM

Vector type: JS

Vector charset: UTF-8

Code used before fuzz:
const div = document.createElement('div')

Template used:

div.innerHTML='<a href="//exam$[data1]ple.com">';
if(div.querySelector('a').host === 'example.com') {
   log('$[data1]');
}

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

div.innerHTML='<a href="//exam&NegativeMediumSpace;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeMediumSpace;');
}

div.innerHTML='<a href="//exam&NegativeThickSpace;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeThickSpace;');
}

div.innerHTML='<a href="//exam&NegativeThinSpace;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeThinSpace;');
}

div.innerHTML='<a href="//exam&NegativeVeryThinSpace;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NegativeVeryThinSpace;');
}

div.innerHTML='<a href="//exam&NewLine;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NewLine;');
}

div.innerHTML='<a href="//exam&NoBreak;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&NoBreak;');
}

div.innerHTML='<a href="//exam&shy;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&shy;');
}

div.innerHTML='<a href="//exam&Tab;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&Tab;');
}

div.innerHTML='<a href="//exam&ZeroWidthSpace;ple.com">';
if(div.querySelector('a').host === 'example.com') {
   alert('&ZeroWidthSpace;');
}

Fuzz results

Safari 17.5 mobile iOS 17.5.1

Updated

Sat Jul 06 2024

Found 9 results

Show differences only?

Filter out alphanumeric

Sort ascending