Characters not urlencoded when using the credentials part of the URL

Firefox logo 75
Safari logo 75
Chrome logo 74

This vector shows which characters are not encoded in the credentials part of the URL.

Created by: hackvertor

Created on: Tuesday, May 28, 2024 at 10:11:36 PM

Updated on: Friday, December 6, 2024 at 11:38:49 PM

Vector type: JS

Vector charset: UTF-8

Code used before fuzz:
const anchor = document.createElement('a');
Template used:
anchor.href='//example.com';
anchor.username = String.fromCodePoint($[i]);
if(!/%/.test(anchor+''))log($[i])
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

anchor.href='//example.com';
anchor.username = String.fromCodePoint(33);
if(!/%/.test(anchor+''))alert(33)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(36);
if(!/%/.test(anchor+''))alert(36)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(38);
if(!/%/.test(anchor+''))alert(38)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(39);
if(!/%/.test(anchor+''))alert(39)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(40);
if(!/%/.test(anchor+''))alert(40)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(41);
if(!/%/.test(anchor+''))alert(41)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(42);
if(!/%/.test(anchor+''))alert(42)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(43);
if(!/%/.test(anchor+''))alert(43)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(44);
if(!/%/.test(anchor+''))alert(44)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(45);
if(!/%/.test(anchor+''))alert(45)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(46);
if(!/%/.test(anchor+''))alert(46)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(48);
if(!/%/.test(anchor+''))alert(48)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(49);
if(!/%/.test(anchor+''))alert(49)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(50);
if(!/%/.test(anchor+''))alert(50)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(51);
if(!/%/.test(anchor+''))alert(51)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(52);
if(!/%/.test(anchor+''))alert(52)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(53);
if(!/%/.test(anchor+''))alert(53)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(54);
if(!/%/.test(anchor+''))alert(54)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(55);
if(!/%/.test(anchor+''))alert(55)
anchor.href='//example.com';
anchor.username = String.fromCodePoint(56);
if(!/%/.test(anchor+''))alert(56)

Fuzz results

Firefox logo
Firefox 126.0 Unknown Unknown

Updated

Tue May 28 2024
Found 75 results
Loading...
Safari logo
Safari 17.4 Unknown Unknown

Updated

Tue May 28 2024
Found 75 results
Loading...
Chrome logo
Chrome 125.0.0.0 Unknown Unknown

Updated

Tue May 28 2024
Found 74 results
Loading...
Safari logo
Safari 17.5 mobile iOS 17.5.1

Updated

Wed Jun 05 2024
Found 75 results
Loading...
Chrome logo
Chrome 129.0.0.0 desktop macOS 10.15.7

Updated

Tue Sep 24 2024
Found 74 results
Loading...
Firefox logo
Firefox 130.0 desktop macOS 10.15

Updated

Tue Sep 24 2024
Found 75 results
Loading...