4
4
4
4This is an example how you can use the XSS type to fuzz URLs. This one fuzzes entities before double slashes. It uses a base tag to get round the sandboxed iframe problems.
<script>window.onerror=x=>true;</script>0x0D
<base href="https://example.com" /><a href="$[data1]//example2.com" id=x></a>x.protocol === 'https:' && x.host === "example2.com" && log('$[data1]')<a href="\//example2.com" id=x></a><a href="
//example2.com" id=x></a><a href="///example2.com" id=x></a><a href="	//example2.com" id=x></a>