Characters allowed before javascript URL

Chrome logo 33
Firefox logo 33
Safari logo 33

Vector to check if any characters are allowed before "javascript:" to still result in a javascript url. Note: compare this vector (JavaScript URL) with HTML DOM: https://shazzer.co.uk/vectors/661652f5c7a9004304ba5539

Created by: ThomasOrlita

Created on: Monday, April 15, 2024 at 11:08:49 PM

Updated on: Friday, December 13, 2024 at 3:26:46 PM

Vector type: JS

Vector charset: UTF-8

Template used:
if (new URL(String.fromCodePoint($[i]) + "javascript:alert()").protocol=="javascript:"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL(String.fromCodePoint(0) + "javascript:alert()").protocol=="javascript:"){alert(0)}
if (new URL(String.fromCodePoint(1) + "javascript:alert()").protocol=="javascript:"){alert(1)}
if (new URL(String.fromCodePoint(2) + "javascript:alert()").protocol=="javascript:"){alert(2)}
if (new URL(String.fromCodePoint(3) + "javascript:alert()").protocol=="javascript:"){alert(3)}
if (new URL(String.fromCodePoint(4) + "javascript:alert()").protocol=="javascript:"){alert(4)}
if (new URL(String.fromCodePoint(5) + "javascript:alert()").protocol=="javascript:"){alert(5)}
if (new URL(String.fromCodePoint(6) + "javascript:alert()").protocol=="javascript:"){alert(6)}
if (new URL(String.fromCodePoint(7) + "javascript:alert()").protocol=="javascript:"){alert(7)}
if (new URL(String.fromCodePoint(8) + "javascript:alert()").protocol=="javascript:"){alert(8)}
if (new URL(String.fromCodePoint(9) + "javascript:alert()").protocol=="javascript:"){alert(9)}
if (new URL(String.fromCodePoint(10) + "javascript:alert()").protocol=="javascript:"){alert(10)}
if (new URL(String.fromCodePoint(11) + "javascript:alert()").protocol=="javascript:"){alert(11)}
if (new URL(String.fromCodePoint(12) + "javascript:alert()").protocol=="javascript:"){alert(12)}
if (new URL(String.fromCodePoint(13) + "javascript:alert()").protocol=="javascript:"){alert(13)}
if (new URL(String.fromCodePoint(14) + "javascript:alert()").protocol=="javascript:"){alert(14)}
if (new URL(String.fromCodePoint(15) + "javascript:alert()").protocol=="javascript:"){alert(15)}
if (new URL(String.fromCodePoint(16) + "javascript:alert()").protocol=="javascript:"){alert(16)}
if (new URL(String.fromCodePoint(17) + "javascript:alert()").protocol=="javascript:"){alert(17)}
if (new URL(String.fromCodePoint(18) + "javascript:alert()").protocol=="javascript:"){alert(18)}
if (new URL(String.fromCodePoint(19) + "javascript:alert()").protocol=="javascript:"){alert(19)}

Fuzz results

Chrome logo
Chrome 124.0.0.0 Unknown Unknown

Updated

Tue Apr 30 2024
Found 33 results
Loading...
Firefox logo
Firefox 125.0 Unknown Unknown

Updated

Tue Apr 30 2024
Found 33 results
Loading...
Safari logo
Safari 17.4 Unknown Unknown

Updated

Tue Apr 30 2024
Found 33 results
Loading...
Chrome logo
Chrome 127.0.0.0 desktop macOS 10.15.7

Updated

Tue Aug 20 2024
Found 33 results
Loading...