Characters allowed in colon entity

This vector shows if a character is allowed in an entity. Firefox did that in the past

Created Sep 19, 2024

Updated May 27, 2025

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeXSS

CharsetUTF-8

Template used:

<a href="javascript&colo$[chr]n;abcd" id="x">f</a>0x0D

Code used after fuzz:

try{0x0D
if(x.protocol == "javascript:")log($[i])0x0D
}catch(e){}

Fuzz results

Chrome 145.0.0.0 desktop Windows NT 10.0

Updated17 Feb 2026

Found 1 result

Show differences only?

Filter out alphanumeric

Sort ascending

Firefox 148.0 desktop Windows NT 10.0

Updated23 Feb 2026

Found 1 result

Show differences only?

Filter out alphanumeric

Sort ascending

Microsoft Edge 145.0.0.0 desktop Windows NT 10.0

Updated18 Feb 2026

Found 1 result

Show differences only?

Filter out alphanumeric

Sort ascending