Cheat sheets

Characters ignored in JSON property names

JSON.parse('{"x [1]":1}').x&&log($[i])

How do you use it?

[1]

JSON.parse('{"x\":1}').x&&log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that act as attribute quotes

" '

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters ignored in an attribute name

HT LF FF CR SPACE / >

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed javascript and colon copy

HT LF CR : \

if (new URL(`javascript [1]:alert(1)`).protocol === "javascript:") { log(${i});}

How do you use it?

[1]

if (new URL(`javascriptHT:alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascriptLF:alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascriptCR:alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascript::alert(1)`).protocol === "javascript:") { log(${i});}
if (new URL(`javascript\:alert(1)`).protocol === "javascript:") { log(${i});}

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that can precede the javascript protocol

SOH STX ETX EOT ENQ ACK BEL BS HT LF VT FF CR SO SI DLE DC1 DC2 DC3 DC4 NAK SYNC ETB CAN EM SUB ESC FS GS RS US SPACE

HT LF CR

How do you use it?

[1]

[2]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed javascript and colon

HT : \

if (new URL("javascrip [1]t [2]:alert()").protocol=="javascript:"){log($[i])}

How do you use it?

[1]

if (new URL("javascripHTt:alert()").protocol=="javascript:"){log($[i])}

[2]

if (new URL("javascriptHT:alert()").protocol=="javascript:"){log($[i])}
if (new URL("javascript::alert()").protocol=="javascript:"){log($[i])}
if (new URL("javascript\:alert()").protocol=="javascript:"){log($[i])}

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that can be used in eval to write code in between

HT VT FF SPACE ; \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

eval(' [1]log($[i])')

How do you use it?

[1]

eval('HTlog($[i])')
eval('VTlog($[i])')
eval('FFlog($[i])')
eval('SPACElog($[i])')
eval(';log($[i])')

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters to break out from eval string

eval('" [1]');log($[i]);

How do you use it?

[1]

eval('""');log($[i]);

Shazzer cheat sheet
Generated by shazzer.co.uk

Valid characters between function and dot-parenthesis .()

prompt [1].();log($[i])

How do you use it?

[1]

prompt?.();log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Valid characters between function and parenthesis

HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

alert [1]();log($[i])

How do you use it?

[1]

alertHT();log($[i])
alertLF();log($[i])
alertVT();log($[i])
alertFF();log($[i])
alertCR();log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between < and element

<h1>sample</h1>

How do you use it?

Shazzer cheat sheet
Generated by shazzer.co.uk

Attribute separators

<imgonerror=alert() src=x />

How do you use it?

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed before optional chaining

HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

log [1]?. [2]($[i])

How do you use it?

[1]

logHT?. ($[i])
logLF?. ($[i])
logVT?. ($[i])
logFF?. ($[i])
logCR?. ($[i])

[2]

log ?.HT($[i])
log ?.LF($[i])
log ?.VT($[i])
log ?.FF($[i])
log ?.CR($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed before the tag attribute and equals.

HT LF FF CR SPACE

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed after the void operator

HT LF VT FF CR SPACE ! + - ~ \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

void [1]log($[i])

How do you use it?

[1]

voidHTlog($[i])
voidLFlog($[i])
voidVTlog($[i])
voidFFlog($[i])
voidCRlog($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that can be used as valid labels in JavaScript

$ _ \xaa \xb5 \xba \u02ec \u02ee \u037f \u0386 \u038c \u0559 \u06d5 \u06ff \u0710 \u07b1 \u07fa \u081a \u0824 \u0828 \u093d \u0950 \u09b2 \u09bd \u09ce \u09fc \u0a5e \u0abd \u0ad0 \u0af9 \u0b3d \u0b71 \u0b83 \u0b9c \u0bd0 \u0c3d \u0c5d \u0c80 \u0cbd \u0d3d \u0d4e \u0dbd \u0e84 \u0ea5 \u0ebd \u0ec6 \u0f00 \u103f \u1061 \u108e \u10c7 \u10cd \u1258 \u12c0 \u17d7 \u17dc \u18aa \u1aa7 \u1cfa \u1f59 \u1f5b \u1f5d \u1fbe \u2071 \u207f \u2102 \u2107 \u2115 \u2124 \u2126 \u2128 \u214e \u2d27 \u2d2d \u2d6f \ua7d3 \ua8fb \ua9cf \uaa7a \uaab1 \uaac0 \uaac2 \ufb1d \ufb3e \u{010808} \u{01083c} \u{010a00} \u{010f27} \u{011075} \u{011144} \u{011147} \u{011176} \u{0111da} \u{0111dc} \u{011288} \u{01133d} \u{011350} \u{0114c7} \u{011644} \u{0116b8} \u{011909} \u{01193f} \u{011941} \u{0119e1} \u{0119e3} \u{011a00} \u{011a3a} \u{011a50} \u{011a9d} \u{011c40} \u{011d46} \u{011d98} \u{011f02} \u{011fb0} \u{016f50} \u{016fe3} \u{01b132} \u{01b155} \u{01d4a2} \u{01d4bb} \u{01d546} \u{01e14e} \u{01e94b} \u{01ee24} \u{01ee27} \u{01ee39} \u{01ee3b} \u{01ee42} \u{01ee47} \u{01ee49} \u{01ee4b} \u{01ee54} \u{01ee57} \u{01ee59} \u{01ee5b} \u{01ee5d} \u{01ee5f} \u{01ee64} \u{01ee7e}

[1]:log($[i])

How do you use it?

[1]

$:log($[i])
_:log($[i])
\xaa:log($[i])
\xb5:log($[i])
\xba:log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that are valid JS variables

var [1]=log($[i])

How do you use it?

[1]

var $=log($[i])
var _=log($[i])
var \xaa=log($[i])
var \xb5=log($[i])
var \xba=log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed instead of equal sign

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between hostname and / but don't change the hostname

if (new URL("https://example.com/").hostname === 'example.com'){log($[i])}

How do you use it?

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed before onerror events

HT LF FF CR SPACE /

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters between < and element name

HT LF FF CR SPACE / >

< [1]found [2]>

How do you use it?

[1]

<<found >

[2]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between an object and bracket notation

HT LF VT FF CR SPACE % & * + , - / : ; < = > ^ | \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

document [1]['location'];log($[i])

How do you use it?

[1]

documentHT['location'];log($[i])
documentLF['location'];log($[i])
documentVT['location'];log($[i])
documentFF['location'];log($[i])
documentCR['location'];log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between an object and the dot operator

HT LF VT FF CR SPACE ? \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

window [1].alert();log($[i])

How do you use it?

[1]

windowHT.alert();log($[i])
windowLF.alert();log($[i])
windowVT.alert();log($[i])
windowFF.alert();log($[i])
windowCR.alert();log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

HTML comment before greater than

! - >

<!---- [1]><found>

How do you use it?

[1]

<found>
><found>

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that can be inserted in the middle of the JS protocol name

HT LF CR

<a id="0" href="j [1]avascript:window">craft-me</a>

How do you use it?

[1]

<a id="0" href="jHTavascript:window">craft-me</a>
<a id="0" href="jLFavascript:window">craft-me</a>
<a id="0" href="jCRavascript:window">craft-me</a>

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed in-between operators

HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

"1337" [1]inlog($[i])

How do you use it?

[1]

"1337"HTinlog($[i])
"1337"LFinlog($[i])
"1337"VTinlog($[i])
"1337"FFinlog($[i])
"1337"CRinlog($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed in-between hyphens

<!- [1]- ><xmp>--><img src/onerror=log($[i])>-->

How do you use it?

[1]

<img src/onerror=log($[i])>-->

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed as a class separator

HT LF FF CR SPACE

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that act like new line or single line comment

LF CR & * / ; < = > ? | \u2028 \u2029

log($[i]) [1]sdfasdfasfasfd

How do you use it?

[1]

log($[i])LFsdfasdfasfasfd
log($[i])CRsdfasdfasfasfd
log($[i])&sdfasdfasfasfd
log($[i])*sdfasdfasfasfd
log($[i])/sdfasdfasfasfd

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that act as quotes or whitespace

HT LF FF CR SPACE " ' ;

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between HTML attributes

HT LF FF CR SPACE /

How do you use it?

[1]

<imgHTsrconerror=log($[i])>
<imgLFsrconerror=log($[i])>
<imgFFsrconerror=log($[i])>
<imgCRsrconerror=log($[i])>
<imgSPACEsrconerror=log($[i])>

Shazzer cheat sheet
Generated by shazzer.co.uk

Valid characters before domain 1

HT LF CR / @ \ \xad \u034f \u180b \u180c \u180d \u180f \u200b \u2060 \u2064 \ufe00 \ufe01 \ufe02 \ufe03 \ufe04 \ufe05 \ufe06 \ufe07 \ufe08 \ufe09 \ufe0a \ufe0b \ufe0c \ufe0d \ufe0e \ufe0f \ufeff

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that can break out of a single line comment

LF CR \u2028 \u2029

// [1]log($[i])

How do you use it?

[1]

// LFlog($[i])
// CRlog($[i])
// \u2028log($[i])
// \u2029log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between variable name and equals sign

HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

const x [1]="x" if(x==="x"){log($[i])}

How do you use it?

[1]

const xHT="x" if(x==="x"){log($[i])}
const xLF="x" if(x==="x"){log($[i])}
const xVT="x" if(x==="x"){log($[i])}
const xFF="x" if(x==="x"){log($[i])}
const xCR="x" if(x==="x"){log($[i])}

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between slashes

HT / \

anchor.href='/ [1]/example.com'; if(anchor.host === 'example.com')log($[i])

How do you use it?

[1]

anchor.href='/HT/example.com'; if(anchor.host === 'example.com')log($[i])
anchor.href='///example.com'; if(anchor.host === 'example.com')log($[i])
anchor.href='/\/example.com'; if(anchor.host === 'example.com')log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Break out of CSS strings

LF FF CR '

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

characters after slash that make a http protocol

/ \

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters after strings

LF CR % & * + , - / ; < > ^ | \u2028 \u2029

"" [1]log($[i])

How do you use it?

[1]

""LFlog($[i])
""CRlog($[i])
""%log($[i])
""&log($[i])
""*log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed between in operator

HT LF VT FF CR SPACE \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

1337 [1]inlog($[i])

How do you use it?

[1]

1337HTinlog($[i])
1337LFinlog($[i])
1337VTinlog($[i])
1337FFinlog($[i])
1337CRinlog($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters that separate CSS properties

;

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Character that closes HTML tag

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

JavaScript separators between function names

LF CR % & * + , - / ; < > ^ | \u2028 \u2029

console.log() [1]log($[i])

How do you use it?

[1]

console.log()LFlog($[i])
console.log()CRlog($[i])
console.log()%log($[i])
console.log()&log($[i])
console.log()*log($[i])

Shazzer cheat sheet
Generated by shazzer.co.uk

Character allowed after onerror event

HT LF FF CR SPACE

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed before parentheses

HT LF VT FF CR SPACE

HT LF VT FF CR SPACE ; \xa0 \u1680 \u2000 \u2001 \u2002 \u2003 \u2004 \u2005 \u2006 \u2007 \u2008 \u2009 \u200a \u2028 \u2029 \u202f \u205f \u3000 \ufeff

log [1]($[i]) [2]

How do you use it?

[1]

logHT($[i])
logLF($[i])
logVT($[i])
logFF($[i])
logCR($[i])

[2]

log ($[i])HT
log ($[i])LF
log ($[i])VT
log ($[i])FF
log ($[i])CR

Shazzer cheat sheet
Generated by shazzer.co.uk

Characters allowed after * in CSS comments

How do you use it?

[1]

Shazzer cheat sheet
Generated by shazzer.co.uk