Javascript protocol fuzz results

By Gareth Heyes (@hackvertor)

Published 17 years 10 months ago • Last updated March 22, 2025 • ⏱️ < 1 min read

Well it seems that Firefox 2.0.0.14 has provided the most interesting results with my protocol fuzzer.

<pre lang="html"> Char: 56320, link: jav&#56320ascript: Char: 56321, link: jav&#56321ascript: Char: 56322, link: jav&#56322ascript: Char: 56323, link: jav&#56323ascript: Char: 56324, link: jav&#56324ascript: Char: 56325, link: jav&#56325ascript: ,, ,, ,, ,, </pre>

All the way to:-

<pre lang="html"> char: 57343, link: jav&#57343ascript: </pre>

and hex entities but with a semi-colon:-

<pre lang="html"> From: Char: 56320, link: jav&#xdc00;ascript: To: Char: 57343, link: jav&#xdfff;ascript: </pre>

It means code like this works in Firefox 2.0.0.14:-

<pre lang="html"> [test](jav&#56325ascript:al&#56325ert%281%29) </pre>

More oddities were found but nothing as interesting as the above.

The ever changing XML file can be found here which stores the vectors by platform and browser versions:-

Vectors XML

Update...

Opera strangeness too...

<pre lang="html"> Char:2048,Link:javascript&#2048: Char:2304,Link:javascript&#2304: Char:3328,Link:javascript&#3328: Char:3840,Link:javascript&#3840: Char:4096,Link:javascript&#4096: Char:4256,Link:javascript&#4256: Char:4352,Link:javascript&#4352: Char:4608,Link:javascript&#4608: Char:4864,Link:javascript&#4864: Plus nbsp is allowed here:- Char:160,Link:&#160javascript: </pre>

There are more, higher ones too :)

← Back to articles