Characters allowed javascript and colon copy

Vector to check if any characters are allowed between javascript and : to still result in a javascript url.

Created by: rootd4ddy

Created on: 5/23/2024, 5:03:07 PM

Updated on: 7/13/2024, 3:43:26 AM

Vector type: JS

Template used:
if (new URL(`javascript$[chr]:alert(1)`).protocol === "javascript:") { log(${i});}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL(`javascript	:alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript
:alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript
:alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript::alert(1)`).protocol === "javascript:") { alert(${i});}
if (new URL(`javascript\:alert(1)`).protocol === "javascript:") { alert(${i});}

Fuzz results

Chrome logo
Chrome 125.0.0.0 Unknown Unknown
Found 5 results
DecHexChr
909HT
DecHexChr
100aLF
DecHexChr
130dCR
DecHexChr
583a:
DecHexChr
925c\