12.7k
12.7k
2k
12.7kThese characters make the URI scheme parsing break and return plaintext instead of the parsed URL.
<a id="user_id" href="https:$[chr]blah/../../"></a>var user_id = document.getElementById("user_id");0x0D
var url = user_id.toString();0x0D
0x0D
if(url.indexOf("../") != -1) log($[i]);<a id="user_id" href="https:#blah/../../"></a><a id="user_id" href="https:%blah/../../"></a><a id="user_id" href="https:*blah/../../"></a><a id="user_id" href="https::blah/../../"></a><a id="user_id" href="https:<blah/../../"></a><a id="user_id" href="https:[blah/../../"></a><a id="user_id" href="https:|blah/../../"></a><a id="user_id" href="https:¨blah/../../"></a><a id="user_id" href="https:¯blah/../../"></a><a id="user_id" href="https:´blah/../../"></a><a id="user_id" href="https:¸blah/../../"></a><a id="user_id" href="https:blah/../../"></a><a id="user_id" href="https:blah/../../"></a><a id="user_id" href="https:blah/../../"></a><a id="user_id" href="https:blah/../../"></a><a id="user_id" href="https:؈blah/../../"></a><a id="user_id" href="https:؋blah/../../"></a><a id="user_id" href="https:؍blah/../../"></a><a id="user_id" href="https:blah/../../"></a>