Shazzer logo
Login

Chars in href that will not default to full URL

⚠ Browser differences
Chrome logo 2.1k
Firefox logo 1
Edge logo 2.1k

test

joaxcar
Created byjoaxcar
Created Nov 16, 2024
Updated May 27, 2025

Tweet
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeXSS
CharsetUTF-8
$[data1] placeholderhtml_entities
Template used:
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="$[data1]<>";window.a.href.includes("http") ? false : log("$[data1]")</script>

Sample payloads

<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&aacute;<>";window.a.href.includes("http") ? false : alert("&aacute;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&Abreve;<>";window.a.href.includes("http") ? false : alert("&Abreve;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&abreve;<>";window.a.href.includes("http") ? false : alert("&abreve;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&ac;<>";window.a.href.includes("http") ? false : alert("&ac;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&acd;<>";window.a.href.includes("http") ? false : alert("&acd;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&acE;<>";window.a.href.includes("http") ? false : alert("&acE;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&Acirc;<>";window.a.href.includes("http") ? false : alert("&Acirc;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&acirc;<>";window.a.href.includes("http") ? false : alert("&acirc;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&acute;<>";window.a.href.includes("http") ? false : alert("&acute;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&Acy;<>";window.a.href.includes("http") ? false : alert("&Acy;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&acy;<>";window.a.href.includes("http") ? false : alert("&acy;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&AElig;<>";window.a.href.includes("http") ? false : alert("&AElig;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&aelig;<>";window.a.href.includes("http") ? false : alert("&aelig;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&af;<>";window.a.href.includes("http") ? false : alert("&af;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&Afr;<>";window.a.href.includes("http") ? false : alert("&Afr;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&afr;<>";window.a.href.includes("http") ? false : alert("&afr;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&Agrave;<>";window.a.href.includes("http") ? false : alert("&Agrave;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&agrave;<>";window.a.href.includes("http") ? false : alert("&agrave;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&alefsym;<>";window.a.href.includes("http") ? false : alert("&alefsym;")</script>
<base href="http://test.se"><a id="a"></a>0x0D
<script>window.a.href="&aleph;<>";window.a.href.includes("http") ? false : alert("&aleph;")</script>

Fuzz results

Chrome logo
Chrome 146.0.0.0 desktop Windows NT 10.0
Updated12 Mar 2026
Found 2124 results
Loading...
Chrome logo
Chrome 145.0.0.0 desktop macOS 10.15.7older version
Updated17 Feb 2026
Found 2124 results
Loading...
Firefox logo
Firefox 148.0 desktop Windows NT 10.0
Updated23 Feb 2026
Found 1 result
Loading...
Edge logo
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 2124 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.