[Back]

This test uses an unsupported application scheme and a href target to trick the browser into displaying the href target as the current address bar value, while actually navigating to an attacker controlled page.

Start