Characters prepended to URL host. check if difference between URL and a tag

Characters ignored in URL, which yield in the same host property. Additionally it checks if the HTML a tag parses anything differently. This is just a simple modification of another fuzzing vector by hansmachine. It should not produce any results

Created byInsertScript

Created Jan 10, 2025

Updated May 27, 2025

Detecting browser...

CategoryURL Handling

VisibilityPublic

TypeJS

CharsetUTF-8

Template used:

if (new URL("https://a.com$[chr]/b").host=="a.com"){0x0D
  var t=document.createElement("a");0x0D
  t.href="https://a.com$[chr]/b";0x0D
  if (t.host != "a.com")0x0D
  {0x0D
    log($[i]);0x0D
  }0x0D
}0x0D
if (new URL("https://$[chr]a.com/b").host=="a.com"){0x0D
  var t=document.createElement("a");0x0D
  t.href="https://$[chr]a.com/b";0x0D
  if (t.host != "a.com")0x0D
  {0x0D
    log($[i]);0x0D
  }0x0D
}

Fuzz results

Chrome 145.0.0.0 desktop macOS 10.15.7

Updated17 Feb 2026

Found 1 result

Show differences only?

Filter out alphanumeric

Sort ascending

Firefox 148.0 desktop Windows NT 10.0

Updated23 Feb 2026

Found 1 result

Show differences only?

Filter out alphanumeric

Sort ascending

Microsoft Edge 145.0.0.0 desktop Windows NT 10.0

Updated18 Feb 2026

Found 1 result

Show differences only?

Filter out alphanumeric

Sort ascending

Characters prepended to URL host. check if difference between URL and a tag

Fuzz results

Distributed Fuzzing