Shazzer logo

    Characters not urlencoded when using the credentials part of the URL

    Firefox logo 75
    Safari logo 75
    Chrome logo 74

    This vector shows which characters are not encoded in the credentials part of the URL.

    Created by: hackvertor

    Created on: Tuesday, May 28, 2024 at 10:11:36 PM

    Updated on: Friday, February 7, 2025 at 1:03:02 PM

    Vector type: JS

    Vector charset: UTF-8

    Code used before fuzz:
    const anchor = document.createElement('a');
    Template used:
    anchor.href='//example.com';
anchor.username = String.fromCodePoint($[i]);
if(!/%/.test(anchor+''))log($[i])
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    anchor.href='//example.com';
anchor.username = String.fromCodePoint(33);
if(!/%/.test(anchor+''))alert(33)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(36);
if(!/%/.test(anchor+''))alert(36)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(38);
if(!/%/.test(anchor+''))alert(38)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(39);
if(!/%/.test(anchor+''))alert(39)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(40);
if(!/%/.test(anchor+''))alert(40)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(41);
if(!/%/.test(anchor+''))alert(41)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(42);
if(!/%/.test(anchor+''))alert(42)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(43);
if(!/%/.test(anchor+''))alert(43)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(44);
if(!/%/.test(anchor+''))alert(44)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(45);
if(!/%/.test(anchor+''))alert(45)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(46);
if(!/%/.test(anchor+''))alert(46)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(48);
if(!/%/.test(anchor+''))alert(48)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(49);
if(!/%/.test(anchor+''))alert(49)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(50);
if(!/%/.test(anchor+''))alert(50)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(51);
if(!/%/.test(anchor+''))alert(51)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(52);
if(!/%/.test(anchor+''))alert(52)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(53);
if(!/%/.test(anchor+''))alert(53)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(54);
if(!/%/.test(anchor+''))alert(54)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(55);
if(!/%/.test(anchor+''))alert(55)
    anchor.href='//example.com';
anchor.username = String.fromCodePoint(56);
if(!/%/.test(anchor+''))alert(56)

    Fuzz results

    Firefox logo
    Firefox 126.0 Unknown Unknown

    Updated

    Tue May 28 2024
    Found 75 results
    Loading...
    Safari logo
    Safari 17.4 Unknown Unknown

    Updated

    Tue May 28 2024
    Found 75 results
    Loading...
    Chrome logo
    Chrome 125.0.0.0 Unknown Unknown

    Updated

    Tue May 28 2024
    Found 74 results
    Loading...
    Safari logo
    Safari 17.5 mobile iOS 17.5.1

    Updated

    Wed Jun 05 2024
    Found 75 results
    Loading...
    Chrome logo
    Chrome 129.0.0.0 desktop macOS 10.15.7

    Updated

    Tue Sep 24 2024
    Found 74 results
    Loading...
    Firefox logo
    Firefox 130.0 desktop macOS 10.15

    Updated

    Tue Sep 24 2024
    Found 75 results
    Loading...