Shazzer logo

    Characters allowed javascript and colon

    Vector to check if any characters are allowed between javascript and : to still result in a javascript url.

    Created by: renniepak

    Created on: Tuesday, April 9, 2024 at 5:52:50 PM

    Updated on: Friday, July 26, 2024 at 12:57:49 PM

    Vector type: JS

    Template used:
    if (new URL("javascript$[chr]:alert()").protocol=="javascript:"){log($[i])}
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    if (new URL("javascript	:alert()").protocol=="javascript:"){alert(9)}
    if (new URL("javascript::alert()").protocol=="javascript:"){alert(58)}
    if (new URL("javascript\:alert()").protocol=="javascript:"){alert(92)}

    Fuzz results

    Chrome logo
    Chrome 123.0.0.0 Unknown Unknown
    Found 3 results
    DecHexChr
    909HT
    DecHexChr
    583a:
    DecHexChr
    925c\
    Safari logo
    Safari 17.2.1 Unknown Unknown
    Found 3 results
    DecHexChr
    909HT
    DecHexChr
    583a:
    DecHexChr
    925c\