Characters allowed javascript and colon
Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
Created by: renniepak
Created on: Tuesday, April 9, 2024 at 5:52:50 PM
Updated on: Friday, July 26, 2024 at 12:57:49 PM
Vector type: JS
Template used:
if (new URL("javascript$[chr]:alert()").protocol=="javascript:"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
if (new URL("javascript :alert()").protocol=="javascript:"){alert(9)}
if (new URL("javascript::alert()").protocol=="javascript:"){alert(58)}
if (new URL("javascript\:alert()").protocol=="javascript:"){alert(92)}
Fuzz results
![Chrome logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fchrome.png&w=64&q=75)
Chrome 123.0.0.0 Unknown Unknown
Found 3 results
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
58 | 3a | : |
Dec | Hex | Chr |
---|---|---|
92 | 5c | \ |
![Safari logo](/_next/image?url=%2Flogos%2Fbrowsers%2Fsafari.png&w=64&q=75)
Safari 17.2.1 Unknown Unknown
Found 3 results
Dec | Hex | Chr |
---|---|---|
9 | 09 | HT |
Dec | Hex | Chr |
---|---|---|
58 | 3a | : |
Dec | Hex | Chr |
---|---|---|
92 | 5c | \ |