Entities allowed inside host
9This vector shows which entities are ignored inside the host name.
Created by: hackvertor
Created on: Saturday, July 6, 2024 at 1:45:38 PM
Updated on: Monday, August 12, 2024 at 2:14:47 PM
Vector type: JS
Code used before fuzz:
const div = document.createElement('div')Template used:
div.innerHTML='<a href="//exam$[data1]ple.com">';
if(div.querySelector('a').host === 'example.com') {
log('$[data1]');
}Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
div.innerHTML='<a href="//exam​ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('​');
}div.innerHTML='<a href="//exam​ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('​');
}div.innerHTML='<a href="//exam​ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('​');
}div.innerHTML='<a href="//exam​ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('​');
}div.innerHTML='<a href="//exam
ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('
');
}div.innerHTML='<a href="//exam⁠ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('⁠');
}div.innerHTML='<a href="//exam­ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('­');
}div.innerHTML='<a href="//exam	ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('	');
}div.innerHTML='<a href="//exam​ple.com">';
if(div.querySelector('a').host === 'example.com') {
alert('​');
}Fuzz results
Safari 17.5 mobile iOS 17.5.1
Updated
Sat Jul 06 2024
Found 9 results
| Data |
|---|
| ​ |
| Data |
|---|
| ​ |
| Data |
|---|
| ​ |
| Data |
|---|
| ​ |
| Data |
|---|
| 
 |
| Data |
|---|
| ⁠ |
| Data |
|---|
| ­ |
| Data |
|---|
| 	 |
| Data |
|---|
| ​ |