Hoisting...

Entities before protocol-relative URL

Tests which entities are allowed before a protocol-relative URL

Created byhackvertor

Created Apr 2, 2026

Updated Apr 3, 2026

Detecting browser...

CategoryEntity Parsing

VisibilityPublic

TypeJS

CharsetUTF-8

$[data1] placeholderhtml_entities

Code used before fuzz:

const div = document.createElement('div')

Template used:

div.innerHTML='<a href="$[data1]//example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   log('$[data1]');0x0D
}

Sample payloads

div.innerHTML='<a href="&bsol;//example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&bsol;');0x0D
}

div.innerHTML='<a href="&NewLine;//example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&NewLine;');0x0D
}

div.innerHTML='<a href="&sol;//example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&sol;');0x0D
}

div.innerHTML='<a href="&Tab;//example.com">';0x0D
if(div.querySelector('a').host === 'example.com') {0x0D
   alert('&Tab;');0x0D
}