I'm trying to insert javascript:alert(1)
inside tag. There is some kind of filter for javascript, so I tried using javascrip%74:alert(1)
and that url is accepted.
However when i click on it it redirects me to https://www.website.com/javascript:alert(1)
instead of showing the alert box?
Why is that happening and how can I bypass that?