Characters allowed before javascript URL

Vector to check if any characters are allowed before "javascript:" to still result in a javascript url. Note: compare this vector (JavaScript URL) with HTML DOM: https://shazzer.co.uk/vectors/661652f5c7a9004304ba5539

Created by: ThomasOrlita

Created on: 4/15/2024, 11:08:49 PM

Updated on: 6/28/2024, 1:04:16 PM

Vector type: JS

Template used:
if (new URL(String.fromCodePoint($[i]) + "javascript:alert()").protocol=="javascript:"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL(String.fromCodePoint(0) + "javascript:alert()").protocol=="javascript:"){alert(0)}
if (new URL(String.fromCodePoint(1) + "javascript:alert()").protocol=="javascript:"){alert(1)}
if (new URL(String.fromCodePoint(2) + "javascript:alert()").protocol=="javascript:"){alert(2)}
if (new URL(String.fromCodePoint(3) + "javascript:alert()").protocol=="javascript:"){alert(3)}
if (new URL(String.fromCodePoint(4) + "javascript:alert()").protocol=="javascript:"){alert(4)}
if (new URL(String.fromCodePoint(5) + "javascript:alert()").protocol=="javascript:"){alert(5)}
if (new URL(String.fromCodePoint(6) + "javascript:alert()").protocol=="javascript:"){alert(6)}
if (new URL(String.fromCodePoint(7) + "javascript:alert()").protocol=="javascript:"){alert(7)}
if (new URL(String.fromCodePoint(8) + "javascript:alert()").protocol=="javascript:"){alert(8)}
if (new URL(String.fromCodePoint(9) + "javascript:alert()").protocol=="javascript:"){alert(9)}
if (new URL(String.fromCodePoint(10) + "javascript:alert()").protocol=="javascript:"){alert(10)}
if (new URL(String.fromCodePoint(11) + "javascript:alert()").protocol=="javascript:"){alert(11)}
if (new URL(String.fromCodePoint(12) + "javascript:alert()").protocol=="javascript:"){alert(12)}
if (new URL(String.fromCodePoint(13) + "javascript:alert()").protocol=="javascript:"){alert(13)}
if (new URL(String.fromCodePoint(14) + "javascript:alert()").protocol=="javascript:"){alert(14)}
if (new URL(String.fromCodePoint(15) + "javascript:alert()").protocol=="javascript:"){alert(15)}
if (new URL(String.fromCodePoint(16) + "javascript:alert()").protocol=="javascript:"){alert(16)}
if (new URL(String.fromCodePoint(17) + "javascript:alert()").protocol=="javascript:"){alert(17)}
if (new URL(String.fromCodePoint(18) + "javascript:alert()").protocol=="javascript:"){alert(18)}
if (new URL(String.fromCodePoint(19) + "javascript:alert()").protocol=="javascript:"){alert(19)}
if (new URL(String.fromCodePoint(20) + "javascript:alert()").protocol=="javascript:"){alert(20)}
if (new URL(String.fromCodePoint(21) + "javascript:alert()").protocol=="javascript:"){alert(21)}
if (new URL(String.fromCodePoint(22) + "javascript:alert()").protocol=="javascript:"){alert(22)}
if (new URL(String.fromCodePoint(23) + "javascript:alert()").protocol=="javascript:"){alert(23)}
if (new URL(String.fromCodePoint(24) + "javascript:alert()").protocol=="javascript:"){alert(24)}
if (new URL(String.fromCodePoint(25) + "javascript:alert()").protocol=="javascript:"){alert(25)}
if (new URL(String.fromCodePoint(26) + "javascript:alert()").protocol=="javascript:"){alert(26)}
if (new URL(String.fromCodePoint(27) + "javascript:alert()").protocol=="javascript:"){alert(27)}
if (new URL(String.fromCodePoint(28) + "javascript:alert()").protocol=="javascript:"){alert(28)}
if (new URL(String.fromCodePoint(29) + "javascript:alert()").protocol=="javascript:"){alert(29)}
if (new URL(String.fromCodePoint(30) + "javascript:alert()").protocol=="javascript:"){alert(30)}
if (new URL(String.fromCodePoint(31) + "javascript:alert()").protocol=="javascript:"){alert(31)}
if (new URL(String.fromCodePoint(32) + "javascript:alert()").protocol=="javascript:"){alert(32)}

Fuzz results

Chrome logo
Chrome 124.0.0.0 Unknown Unknown
Found 33 results
DecHexChr
000NUL
DecHexChr
101SOH
DecHexChr
202STX
DecHexChr
303ETX
DecHexChr
404EOT
DecHexChr
505ENQ
DecHexChr
606ACK
DecHexChr
707BEL
DecHexChr
808BS
DecHexChr
909HT
DecHexChr
100aLF
DecHexChr
110bVT
DecHexChr
120cFF
DecHexChr
130dCR
DecHexChr
140eSO
DecHexChr
150fSI
DecHexChr
1610DLE
DecHexChr
1711DC1
DecHexChr
1812DC2
DecHexChr
1913DC3
DecHexChr
2014DC4
DecHexChr
2115NAK
DecHexChr
2216SYNC
DecHexChr
2317ETB
DecHexChr
2418CAN
DecHexChr
2519EM
DecHexChr
261aSUB
DecHexChr
271bESC
DecHexChr
281cFS
DecHexChr
291dGS
DecHexChr
301eRS
DecHexChr
311fUS
DecHexChr
3220SPACE
Safari logo
Safari 17.4 Unknown Unknown
Found 33 results
DecHexChr
000NUL
DecHexChr
101SOH
DecHexChr
202STX
DecHexChr
303ETX
DecHexChr
404EOT
DecHexChr
505ENQ
DecHexChr
606ACK
DecHexChr
707BEL
DecHexChr
808BS
DecHexChr
909HT
DecHexChr
100aLF
DecHexChr
110bVT
DecHexChr
120cFF
DecHexChr
130dCR
DecHexChr
140eSO
DecHexChr
150fSI
DecHexChr
1610DLE
DecHexChr
1711DC1
DecHexChr
1812DC2
DecHexChr
1913DC3
DecHexChr
2014DC4
DecHexChr
2115NAK
DecHexChr
2216SYNC
DecHexChr
2317ETB
DecHexChr
2418CAN
DecHexChr
2519EM
DecHexChr
261aSUB
DecHexChr
271bESC
DecHexChr
281cFS
DecHexChr
291dGS
DecHexChr
301eRS
DecHexChr
311fUS
DecHexChr
3220SPACE
Firefox logo
Firefox 125.0 Unknown Unknown
Found 33 results
DecHexChr
000NUL
DecHexChr
101SOH
DecHexChr
202STX
DecHexChr
303ETX
DecHexChr
404EOT
DecHexChr
505ENQ
DecHexChr
606ACK
DecHexChr
707BEL
DecHexChr
808BS
DecHexChr
909HT
DecHexChr
100aLF
DecHexChr
110bVT
DecHexChr
120cFF
DecHexChr
130dCR
DecHexChr
140eSO
DecHexChr
150fSI
DecHexChr
1610DLE
DecHexChr
1711DC1
DecHexChr
1812DC2
DecHexChr
1913DC3
DecHexChr
2014DC4
DecHexChr
2115NAK
DecHexChr
2216SYNC
DecHexChr
2317ETB
DecHexChr
2418CAN
DecHexChr
2519EM
DecHexChr
261aSUB
DecHexChr
271bESC
DecHexChr
281cFS
DecHexChr
291dGS
DecHexChr
301eRS
DecHexChr
311fUS
DecHexChr
3220SPACE