Characters allowed javascript and colon

Vector to check if any characters are allowed between javascript and : to still result in a javascript url.

Created by: renniepak

Created on: Tuesday, April 9, 2024 at 5:52:50 PM

Updated on: Wednesday, May 28, 2025 at 11:16:43 AM

Vector type: JS

Vector charset: UTF-8

Template used:
if (new URL("javascript$[chr]:alert()").protocol=="javascript:"){log($[i])}

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL("javascript :alert()").protocol=="javascript:"){alert(9)}if (new URL("javascript::alert()").protocol=="javascript:"){alert(58)}if (new URL("javascript\:alert()").protocol=="javascript:"){alert(92)}

Characters allowed javascript and colon

Sample payloads

Fuzz results