Characters unencoded characters supported in the hash

Chrome logo 89
Firefox logo 89
Safari logo 89

This vector shows which unencoded characters are allowed in the hash

Created by: hackvertor

Created on: Tuesday, September 24, 2024 at 12:33:51 PM

Updated on: Sunday, September 29, 2024 at 9:10:28 AM

Vector type: JS

Code used before fuzz:
const anchor = document.createElement('a');
Template used:
anchor.href='//example.com';
let chr = String.fromCodePoint($[i]);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))log($[i])
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

anchor.href='//example.com';
let chr = String.fromCodePoint(33);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(33)
anchor.href='//example.com';
let chr = String.fromCodePoint(36);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(36)
anchor.href='//example.com';
let chr = String.fromCodePoint(37);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(37)
anchor.href='//example.com';
let chr = String.fromCodePoint(38);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(38)
anchor.href='//example.com';
let chr = String.fromCodePoint(39);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(39)
anchor.href='//example.com';
let chr = String.fromCodePoint(40);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(40)
anchor.href='//example.com';
let chr = String.fromCodePoint(41);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(41)
anchor.href='//example.com';
let chr = String.fromCodePoint(42);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(42)
anchor.href='//example.com';
let chr = String.fromCodePoint(43);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(43)
anchor.href='//example.com';
let chr = String.fromCodePoint(44);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(44)
anchor.href='//example.com';
let chr = String.fromCodePoint(45);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(45)
anchor.href='//example.com';
let chr = String.fromCodePoint(46);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(46)
anchor.href='//example.com';
let chr = String.fromCodePoint(47);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(47)
anchor.href='//example.com';
let chr = String.fromCodePoint(48);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(48)
anchor.href='//example.com';
let chr = String.fromCodePoint(49);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(49)
anchor.href='//example.com';
let chr = String.fromCodePoint(50);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(50)
anchor.href='//example.com';
let chr = String.fromCodePoint(51);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(51)
anchor.href='//example.com';
let chr = String.fromCodePoint(52);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(52)
anchor.href='//example.com';
let chr = String.fromCodePoint(53);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(53)
anchor.href='//example.com';
let chr = String.fromCodePoint(54);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(54)

Fuzz results

Chrome logo
Chrome 129.0.0.0 desktop macOS 10.15.7

Updated

Tue Sep 24 2024
Found 89 results
DecHexChr
3321!
DecHexChr
3624$
DecHexChr
3725%
DecHexChr
3826&
DecHexChr
3927'
DecHexChr
4028(
DecHexChr
4129)
DecHexChr
422a*
DecHexChr
432b+
DecHexChr
442c,
DecHexChr
452d-
DecHexChr
462e.
DecHexChr
472f/
DecHexChr
48300
DecHexChr
49311
DecHexChr
50322
DecHexChr
51333
DecHexChr
52344
DecHexChr
53355
DecHexChr
54366
DecHexChr
55377
DecHexChr
56388
DecHexChr
57399
DecHexChr
583a:
DecHexChr
593b;
DecHexChr
613d=
DecHexChr
633f?
DecHexChr
6440@
DecHexChr
6541A
DecHexChr
6642B
DecHexChr
6743C
DecHexChr
6844D
DecHexChr
6945E
DecHexChr
7046F
DecHexChr
7147G
DecHexChr
7248H
DecHexChr
7349I
DecHexChr
744aJ
DecHexChr
754bK
DecHexChr
764cL
DecHexChr
774dM
DecHexChr
784eN
DecHexChr
794fO
DecHexChr
8050P
DecHexChr
8151Q
DecHexChr
8252R
DecHexChr
8353S
DecHexChr
8454T
DecHexChr
8555U
DecHexChr
8656V
DecHexChr
8757W
DecHexChr
8858X
DecHexChr
8959Y
DecHexChr
905aZ
DecHexChr
915b[
DecHexChr
925c\
DecHexChr
935d]
DecHexChr
945e^
DecHexChr
955f_
DecHexChr
9761a
DecHexChr
9862b
DecHexChr
9963c
DecHexChr
10064d
DecHexChr
10165e
DecHexChr
10266f
DecHexChr
10367g
DecHexChr
10468h
DecHexChr
10569i
DecHexChr
1066aj
DecHexChr
1076bk
DecHexChr
1086cl
DecHexChr
1096dm
DecHexChr
1106en
DecHexChr
1116fo
DecHexChr
11270p
DecHexChr
11371q
DecHexChr
11472r
DecHexChr
11573s
DecHexChr
11674t
DecHexChr
11775u
DecHexChr
11876v
DecHexChr
11977w
DecHexChr
12078x
DecHexChr
12179y
DecHexChr
1227az
DecHexChr
1237b{
DecHexChr
1247c|
DecHexChr
1257d}
DecHexChr
1267e~
Firefox logo
Firefox 130.0 desktop macOS 10.15

Updated

Tue Sep 24 2024
Found 89 results
DecHexChr
3321!
DecHexChr
3624$
DecHexChr
3725%
DecHexChr
3826&
DecHexChr
3927'
DecHexChr
4028(
DecHexChr
4129)
DecHexChr
422a*
DecHexChr
432b+
DecHexChr
442c,
DecHexChr
452d-
DecHexChr
462e.
DecHexChr
472f/
DecHexChr
48300
DecHexChr
49311
DecHexChr
50322
DecHexChr
51333
DecHexChr
52344
DecHexChr
53355
DecHexChr
54366
DecHexChr
55377
DecHexChr
56388
DecHexChr
57399
DecHexChr
583a:
DecHexChr
593b;
DecHexChr
613d=
DecHexChr
633f?
DecHexChr
6440@
DecHexChr
6541A
DecHexChr
6642B
DecHexChr
6743C
DecHexChr
6844D
DecHexChr
6945E
DecHexChr
7046F
DecHexChr
7147G
DecHexChr
7248H
DecHexChr
7349I
DecHexChr
744aJ
DecHexChr
754bK
DecHexChr
764cL
DecHexChr
774dM
DecHexChr
784eN
DecHexChr
794fO
DecHexChr
8050P
DecHexChr
8151Q
DecHexChr
8252R
DecHexChr
8353S
DecHexChr
8454T
DecHexChr
8555U
DecHexChr
8656V
DecHexChr
8757W
DecHexChr
8858X
DecHexChr
8959Y
DecHexChr
905aZ
DecHexChr
915b[
DecHexChr
925c\
DecHexChr
935d]
DecHexChr
945e^
DecHexChr
955f_
DecHexChr
9761a
DecHexChr
9862b
DecHexChr
9963c
DecHexChr
10064d
DecHexChr
10165e
DecHexChr
10266f
DecHexChr
10367g
DecHexChr
10468h
DecHexChr
10569i
DecHexChr
1066aj
DecHexChr
1076bk
DecHexChr
1086cl
DecHexChr
1096dm
DecHexChr
1106en
DecHexChr
1116fo
DecHexChr
11270p
DecHexChr
11371q
DecHexChr
11472r
DecHexChr
11573s
DecHexChr
11674t
DecHexChr
11775u
DecHexChr
11876v
DecHexChr
11977w
DecHexChr
12078x
DecHexChr
12179y
DecHexChr
1227az
DecHexChr
1237b{
DecHexChr
1247c|
DecHexChr
1257d}
DecHexChr
1267e~
Safari logo
Safari 18.0 desktop macOS 10.15.7

Updated

Tue Sep 24 2024
Found 89 results
DecHexChr
3321!
DecHexChr
3624$
DecHexChr
3725%
DecHexChr
3826&
DecHexChr
3927'
DecHexChr
4028(
DecHexChr
4129)
DecHexChr
422a*
DecHexChr
432b+
DecHexChr
442c,
DecHexChr
452d-
DecHexChr
462e.
DecHexChr
472f/
DecHexChr
48300
DecHexChr
49311
DecHexChr
50322
DecHexChr
51333
DecHexChr
52344
DecHexChr
53355
DecHexChr
54366
DecHexChr
55377
DecHexChr
56388
DecHexChr
57399
DecHexChr
583a:
DecHexChr
593b;
DecHexChr
613d=
DecHexChr
633f?
DecHexChr
6440@
DecHexChr
6541A
DecHexChr
6642B
DecHexChr
6743C
DecHexChr
6844D
DecHexChr
6945E
DecHexChr
7046F
DecHexChr
7147G
DecHexChr
7248H
DecHexChr
7349I
DecHexChr
744aJ
DecHexChr
754bK
DecHexChr
764cL
DecHexChr
774dM
DecHexChr
784eN
DecHexChr
794fO
DecHexChr
8050P
DecHexChr
8151Q
DecHexChr
8252R
DecHexChr
8353S
DecHexChr
8454T
DecHexChr
8555U
DecHexChr
8656V
DecHexChr
8757W
DecHexChr
8858X
DecHexChr
8959Y
DecHexChr
905aZ
DecHexChr
915b[
DecHexChr
925c\
DecHexChr
935d]
DecHexChr
945e^
DecHexChr
955f_
DecHexChr
9761a
DecHexChr
9862b
DecHexChr
9963c
DecHexChr
10064d
DecHexChr
10165e
DecHexChr
10266f
DecHexChr
10367g
DecHexChr
10468h
DecHexChr
10569i
DecHexChr
1066aj
DecHexChr
1076bk
DecHexChr
1086cl
DecHexChr
1096dm
DecHexChr
1106en
DecHexChr
1116fo
DecHexChr
11270p
DecHexChr
11371q
DecHexChr
11472r
DecHexChr
11573s
DecHexChr
11674t
DecHexChr
11775u
DecHexChr
11876v
DecHexChr
11977w
DecHexChr
12078x
DecHexChr
12179y
DecHexChr
1227az
DecHexChr
1237b{
DecHexChr
1247c|
DecHexChr
1257d}
DecHexChr
1267e~