Security Test - Bad Links

Individual case pages

Collector Log

Payloads in the Live Output column run automatically in sandboxed iframes. Fetch and beacon calls appear here (auto-refreshes every 2 s).

Waiting for hits…
Bad Links Security Test Cases
Case Name Payload Expected Behavior Live Output
H1 javascript: href 
<a href="javascript:fetch('/collect/js-href?c='+document.cookie)">Open report</a>
 Crawler output should not create an active javascript: link.
H2 data: URL href 
<a href="data:text/html,<script>fetch('/collect/data-url?c='+document.cookie)</script>">Open data URL</a>
 Crawler output should not create an active data: link with script content.
H3 Tabnabbing target blank without noopener 
<a href="/collect/blank" target="_blank">Open report in new tab</a>
 Crawler output should not render unsafe target blank links without normalization.

Back to crawl test home