300
48
300
32This is an example how you can use the XSS type to fuzz URLs. This one fuzzes characters after double slashes. It uses a base tag to get round the sandboxed iframe problems.
<script>window.onerror=x=>true;</script>0x0D
<base href="https://example.com" /><a href="//$[chr]example2.com" id=x></a>x.protocol === 'https:' && x.host === "example2.com" && log($[i])<a href="//0x09example2.com" id=x></a><a href="//
example2.com" id=x></a><a href="//0x0Dexample2.com" id=x></a><a href="///example2.com" id=x></a><a href="//@example2.com" id=x></a><a href="//\example2.com" id=x></a><a href="//example2.com" id=x></a><a href="//͏example2.com" id=x></a><a href="//ᅟexample2.com" id=x></a><a href="//ᅠexample2.com" id=x></a><a href="//឴example2.com" id=x></a><a href="//឵example2.com" id=x></a><a href="//᠋example2.com" id=x></a><a href="//᠌example2.com" id=x></a><a href="//᠍example2.com" id=x></a><a href="//example2.com" id=x></a><a href="//᠏example2.com" id=x></a><a href="//example2.com" id=x></a><a href="//example2.com" id=x></a><a href="//example2.com" id=x></a>