Characters allowed javascript and colon copy

Vector to check whether any characters are allowed between "javascript" and ":" while still resulting in a javascript: URL.

Created by: rootd4ddy

Created on: 5/23/2024, 5:03:07 PM

Updated on: 7/3/2024, 6:44:44 AM

Vector type: JS

Template used:
if (new URL(`javascript$[chr]:alert(1)`).protocol === "javascript:") { log(${i});}

Sample payloads

if (new URL(`javascript	:alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript
:alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript
:alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript::alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript\:alert(1)`).protocol === "javascript:") { alert(${i});}

Fuzz results

Chrome 125.0.0.0 Unknown Unknown
Found 5 results
Dec  Hex  Chr
9    09   HT
10   0a   LF
13   0d   CR
58   3a   :
92   5c   \
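
The fuzz results seen from the filtering side, as an added example that is not part of the original vector page: a literal prefix match misses the HT, LF and CR cases that the URL parser still resolves to javascript:, while an allowlist on the parsed protocol rejects them. The function names and the allowlist are assumptions, and the inputs are constructed with String.fromCharCode from the decimal codes listed in the results.

```javascript
// Added example: names and allowlist are assumptions, inputs are constructed.
const SAFE_PROTOCOLS = new Set(["http:", "https:", "mailto:"]);

// Weak filter: literal prefix match on the raw attribute value.
function naiveIsJavascriptUrl(input) {
  return input.toLowerCase().startsWith("javascript:");
}

// Scheme as the WHATWG URL parser sees it, or null when the input is not
// an absolute URL. The parser strips tab, LF and CR before parsing.
function parsedProtocol(input) {
  try {
    return new URL(input).protocol;
  } catch {
    return null;
  }
}

// Strict check: only absolute URLs whose parsed scheme is allowlisted pass.
function isAllowedLink(input) {
  const protocol = parsedProtocol(input);
  return protocol !== null && SAFE_PROTOCOLS.has(protocol);
}

// Build "javascript" + chr + ":alert(1)" from a character code, so no
// JavaScript string escape changes the character under test.
function classify(codes) {
  return codes.map((code) => {
    const input = "javascript" + String.fromCharCode(code) + ":alert(1)";
    return {
      code,
      naiveMatch: naiveIsJavascriptUrl(input),
      protocol: parsedProtocol(input),
      allowed: isAllowedLink(input),
    };
  });
}

// Decimal codes from the fuzz results: HT, LF, CR, ":" and "\".
const results = classify([9, 10, 13, 58, 92]);
console.table(results);
```

Built this way, code 58 only produces javascript::alert(1), whose scheme already ends at the first colon, and code 92 does not parse as an absolute URL at all; in the sample payload the backslash sits inside a template literal, where \: is an escape for a plain colon.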