298
46
46Characters ignored in URL, which yield in the same host property. This is just a simple modification of another fuzzing vector by hansmachine
if (new URL("https://$[chr]google.com/endpoint").host=="google.com"){log($[i])}if (new URL("https://0x09google.com/endpoint").host=="google.com"){alert(9)}if (new URL("https:///google.com/endpoint").host=="google.com"){alert(47)}if (new URL("https://@google.com/endpoint").host=="google.com"){alert(64)}if (new URL("https://\google.com/endpoint").host=="google.com"){alert(92)}if (new URL("https://google.com/endpoint").host=="google.com"){alert(173)}if (new URL("https://͏google.com/endpoint").host=="google.com"){alert(847)}if (new URL("https://ᅟgoogle.com/endpoint").host=="google.com"){alert(4447)}if (new URL("https://ᅠgoogle.com/endpoint").host=="google.com"){alert(4448)}if (new URL("https://឴google.com/endpoint").host=="google.com"){alert(6068)}if (new URL("https://឵google.com/endpoint").host=="google.com"){alert(6069)}if (new URL("https://᠋google.com/endpoint").host=="google.com"){alert(6155)}if (new URL("https://᠌google.com/endpoint").host=="google.com"){alert(6156)}if (new URL("https://᠍google.com/endpoint").host=="google.com"){alert(6157)}if (new URL("https://google.com/endpoint").host=="google.com"){alert(6158)}if (new URL("https://᠏google.com/endpoint").host=="google.com"){alert(6159)}if (new URL("https://google.com/endpoint").host=="google.com"){alert(8203)}if (new URL("https://google.com/endpoint").host=="google.com"){alert(8288)}if (new URL("https://google.com/endpoint").host=="google.com"){alert(8289)}if (new URL("https://google.com/endpoint").host=="google.com"){alert(8290)}if (new URL("https://google.com/endpoint").host=="google.com"){alert(8291)}