Fuzzing for Max sanitized input (simplified)


Simplified test for Max (https://discord.com/channels/1110206757227216916/1168685918920638614/1358614602153201736)

Created by: vitorfhc

Created on: Monday, April 7, 2025 at 11:26:32 AM

Updated on: Wednesday, May 28, 2025 at 5:06:20 PM


Vector type: XSS

Vector charset: UTF-8

Code used before fuzz:

<script>
// swallow the errors thrown by unparsable payloads so the fuzz loop keeps running
window.onerror=x=>true;
</script>
<base href="https://example.com" />

Template used:

<a id=x></a>

Code used after fuzz:

// sanitizer under test: rejects only strings that literally start with "javascript:"
const mw = /^(?!javascript:)/i;
function nu(e) {
    return (e = String(e)).match(mw) ? e : "unsafe:" + e
}

// $[i] is the fuzzer's placeholder for the current code point; one code point is
// prepended to the payload, then the browser's URL parser decides what x.href means
const t = nu(`${String.fromCodePoint($[i])}javascript:alert(1)`);
x.href = t
// a hit: the sanitizer let the string through, yet the anchor resolves to a javascript: URL
x.protocol === 'javascript:' && log($[i])

Sample payloads

<a id=x></a>

Fuzz results

Chrome 135.0.0.0 desktop macOS 10.15.7

Updated

Mon Apr 07 2025
Found 33 results
Chrome 136.0.0.0 desktop Windows NT 10.0

Updated

Tue May 27 2025
Found 33 results
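An added offline replay of this fuzz, not the page's own harness: Node's WHATWG URL class stands in for the browser's anchor href setter (both use the same parsing algorithm), nu is copied from the test above, and safeHref is an assumed hardened replacement that decides on the parsed protocol rather than the raw string.

```javascript
// Added example, not the fuzz page's own harness: replay the fuzz offline
// in Node.js. The WHATWG URL class stands in for the browser's anchor
// `href` setter, which parses with the same algorithm.

// The sanitizer under test, as on the page: reject only strings that
// literally start with "javascript:".
const mw = /^(?!javascript:)/i;
function nu(e) {
  return (e = String(e)).match(mw) ? e : "unsafe:" + e;
}

// What `x.href = t; x.protocol` yields on a page whose <base> is
// https://example.com. Unparsable input returns null.
function resolvedProtocol(value, base = "https://example.com") {
  try {
    return new URL(value, base).protocol;
  } catch {
    return null;
  }
}

// Replay the fuzz: one code point prepended to "javascript:alert(1)".
// Returns every code point whose payload passes nu() yet still resolves
// to a javascript: URL. The URL parser strips leading C0 controls and
// space (U+0000..U+0020), so those 33 code points are the expected hits.
function fuzzSanitizer(maxCodePoint = 0xffff) {
  const hits = [];
  for (let cp = 0; cp <= maxCodePoint; cp++) {
    const t = nu(`${String.fromCodePoint(cp)}javascript:alert(1)`);
    if (resolvedProtocol(t) === "javascript:") hits.push(cp);
  }
  return hits;
}

// Hardened check (assumed replacement, not from the page): allow-list the
// protocol after parsing, so a stripped prefix cannot fool the decision.
function safeHref(value, base = "https://example.com") {
  const proto = resolvedProtocol(value, base);
  return proto === "http:" || proto === "https:" ? String(value) : "unsafe:" + value;
}
```

Running fuzzSanitizer() over the BMP returns exactly the 33 code points 0 through 32, matching the "Found 33 results" reported above for both Chrome builds.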