Characters not urlencoded when using the credentials part of the URL
⚠ Browser differences
65.5k
65.5k
65.5k
75This vector shows which characters are not encoded in the credentials part of the URL.
Created byhackvertor
Created May 28, 2024
Updated May 27, 2025
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeJS
CharsetUTF-8
Code used before fuzz:
const anchor = document.createElement('a');Template used:
anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint($[i]);0x0D
if(!/%/.test(anchor+''))log($[i])Sample payloads
anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(33);0x0D
if(!/%/.test(anchor+''))alert(33)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(36);0x0D
if(!/%/.test(anchor+''))alert(36)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(38);0x0D
if(!/%/.test(anchor+''))alert(38)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(39);0x0D
if(!/%/.test(anchor+''))alert(39)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(40);0x0D
if(!/%/.test(anchor+''))alert(40)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(41);0x0D
if(!/%/.test(anchor+''))alert(41)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(42);0x0D
if(!/%/.test(anchor+''))alert(42)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(43);0x0D
if(!/%/.test(anchor+''))alert(43)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(44);0x0D
if(!/%/.test(anchor+''))alert(44)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(45);0x0D
if(!/%/.test(anchor+''))alert(45)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(46);0x0D
if(!/%/.test(anchor+''))alert(46)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(48);0x0D
if(!/%/.test(anchor+''))alert(48)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(49);0x0D
if(!/%/.test(anchor+''))alert(49)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(50);0x0D
if(!/%/.test(anchor+''))alert(50)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(51);0x0D
if(!/%/.test(anchor+''))alert(51)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(52);0x0D
if(!/%/.test(anchor+''))alert(52)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(53);0x0D
if(!/%/.test(anchor+''))alert(53)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(54);0x0D
if(!/%/.test(anchor+''))alert(54)anchor.href='//example.com';0x0D
anchor.username = String.fromCodePoint(55);0x0D
if(!/%/.test(anchor+''))alert(55)Fuzz results
Chrome 144.0.0.0 desktop Windows NT 10.0
Updated25 Jan 2026
Found 65536 results
Loading...
Chrome 129.0.0.0 desktop macOS 10.15.7older version
Updated24 Sept 2024
Found 74 results
Loading...
Chrome 125.0.0.0 Unknown Unknownolder version
Updated28 May 2024
Found 74 results
Loading...
Firefox 147.0 desktop Linux
Updated1 Feb 2026
Found 65536 results
Loading...
Firefox 130.0 desktop macOS 10.15older version
Updated24 Sept 2024
Found 75 results
Loading...
Firefox 126.0 Unknown Unknownolder version
Updated28 May 2024
Found 75 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated30 Jan 2026
Found 65536 results
Loading...
Safari 17.5 mobile iOS 17.5.1
Updated5 Jun 2024
Found 75 results
Loading...
Safari 17.4 Unknown Unknownolder version
Updated28 May 2024
Found 75 results
Loading...