2k
2
2k
12.7kThese characters make the URI scheme parsing break and return plaintext instead of the parsed URL.
<a id="user_id" href="https:$[chr]blah/../../"></a>var user_id = document.getElementById("user_id");0x0D
var url = user_id.toString();0x0D
0x0D
if(url.indexOf("../") != -1) log($[i]);<a id="user_id" href="https:#blah/../../"></a><a id="user_id" href="https:?blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a><a id="user_id" href="https:�blah/../../"></a>