Shazzer logo

    Characters allowed before javascript URL

    Chrome logo 33
    Firefox logo 33
    Safari logo 33

    Vector to check if any characters are allowed before "javascript:" to still result in a javascript url. Note: compare this vector (JavaScript URL) with HTML DOM: https://shazzer.co.uk/vectors/661652f5c7a9004304ba5539

    Created by: ThomasOrlita

    Created on: Monday, April 15, 2024 at 11:08:49 PM

    Updated on: Wednesday, November 20, 2024 at 8:38:24 PM

    Vector type: JS

    Vector charset: UTF-8

    Template used:
    if (new URL(String.fromCodePoint($[i]) + "javascript:alert()").protocol=="javascript:"){log($[i])}
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    if (new URL(String.fromCodePoint(0) + "javascript:alert()").protocol=="javascript:"){alert(0)}
    if (new URL(String.fromCodePoint(1) + "javascript:alert()").protocol=="javascript:"){alert(1)}
    if (new URL(String.fromCodePoint(2) + "javascript:alert()").protocol=="javascript:"){alert(2)}
    if (new URL(String.fromCodePoint(3) + "javascript:alert()").protocol=="javascript:"){alert(3)}
    if (new URL(String.fromCodePoint(4) + "javascript:alert()").protocol=="javascript:"){alert(4)}
    if (new URL(String.fromCodePoint(5) + "javascript:alert()").protocol=="javascript:"){alert(5)}
    if (new URL(String.fromCodePoint(6) + "javascript:alert()").protocol=="javascript:"){alert(6)}
    if (new URL(String.fromCodePoint(7) + "javascript:alert()").protocol=="javascript:"){alert(7)}
    if (new URL(String.fromCodePoint(8) + "javascript:alert()").protocol=="javascript:"){alert(8)}
    if (new URL(String.fromCodePoint(9) + "javascript:alert()").protocol=="javascript:"){alert(9)}
    if (new URL(String.fromCodePoint(10) + "javascript:alert()").protocol=="javascript:"){alert(10)}
    if (new URL(String.fromCodePoint(11) + "javascript:alert()").protocol=="javascript:"){alert(11)}
    if (new URL(String.fromCodePoint(12) + "javascript:alert()").protocol=="javascript:"){alert(12)}
    if (new URL(String.fromCodePoint(13) + "javascript:alert()").protocol=="javascript:"){alert(13)}
    if (new URL(String.fromCodePoint(14) + "javascript:alert()").protocol=="javascript:"){alert(14)}
    if (new URL(String.fromCodePoint(15) + "javascript:alert()").protocol=="javascript:"){alert(15)}
    if (new URL(String.fromCodePoint(16) + "javascript:alert()").protocol=="javascript:"){alert(16)}
    if (new URL(String.fromCodePoint(17) + "javascript:alert()").protocol=="javascript:"){alert(17)}
    if (new URL(String.fromCodePoint(18) + "javascript:alert()").protocol=="javascript:"){alert(18)}
    if (new URL(String.fromCodePoint(19) + "javascript:alert()").protocol=="javascript:"){alert(19)}

    Fuzz results

    Chrome logo
    Chrome 124.0.0.0 Unknown Unknown

    Updated

    Tue Apr 30 2024
    Found 33 results
    Loading...
    Firefox logo
    Firefox 125.0 Unknown Unknown

    Updated

    Tue Apr 30 2024
    Found 33 results
    Loading...
    Safari logo
    Safari 17.4 Unknown Unknown

    Updated

    Tue Apr 30 2024
    Found 33 results
    Loading...
    Chrome logo
    Chrome 127.0.0.0 desktop macOS 10.15.7

    Updated

    Tue Aug 20 2024
    Found 33 results
    Loading...