Shazzer logo

    Characters unencoded characters supported in the hash

    Chrome logo 89
    Firefox logo 89
    Safari logo 89

    This vector shows which unencoded characters are allowed in the hash

    Created by: hackvertor

    Created on: Tuesday, September 24, 2024 at 12:33:51 PM

    Updated on: Wednesday, November 20, 2024 at 7:35:21 PM

    Vector type: JS

    Vector charset: UTF-8

    Code used before fuzz:
    const anchor = document.createElement('a');
    Template used:
    anchor.href='//example.com';
let chr = String.fromCodePoint($[i]);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))log($[i])
    Your browser was detected as:
    Detecting... Detecting... Detecting... Detecting...

    Sample payloads

    anchor.href='//example.com';
let chr = String.fromCodePoint(33);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(33)
    anchor.href='//example.com';
let chr = String.fromCodePoint(36);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(36)
    anchor.href='//example.com';
let chr = String.fromCodePoint(37);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(37)
    anchor.href='//example.com';
let chr = String.fromCodePoint(38);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(38)
    anchor.href='//example.com';
let chr = String.fromCodePoint(39);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(39)
    anchor.href='//example.com';
let chr = String.fromCodePoint(40);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(40)
    anchor.href='//example.com';
let chr = String.fromCodePoint(41);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(41)
    anchor.href='//example.com';
let chr = String.fromCodePoint(42);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(42)
    anchor.href='//example.com';
let chr = String.fromCodePoint(43);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(43)
    anchor.href='//example.com';
let chr = String.fromCodePoint(44);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(44)
    anchor.href='//example.com';
let chr = String.fromCodePoint(45);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(45)
    anchor.href='//example.com';
let chr = String.fromCodePoint(46);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(46)
    anchor.href='//example.com';
let chr = String.fromCodePoint(47);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(47)
    anchor.href='//example.com';
let chr = String.fromCodePoint(48);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(48)
    anchor.href='//example.com';
let chr = String.fromCodePoint(49);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(49)
    anchor.href='//example.com';
let chr = String.fromCodePoint(50);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(50)
    anchor.href='//example.com';
let chr = String.fromCodePoint(51);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(51)
    anchor.href='//example.com';
let chr = String.fromCodePoint(52);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(52)
    anchor.href='//example.com';
let chr = String.fromCodePoint(53);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(53)
    anchor.href='//example.com';
let chr = String.fromCodePoint(54);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(54)

    Fuzz results

    Chrome logo
    Chrome 129.0.0.0 desktop macOS 10.15.7

    Updated

    Tue Sep 24 2024
    Found 89 results
    Loading...
    Firefox logo
    Firefox 130.0 desktop macOS 10.15

    Updated

    Tue Sep 24 2024
    Found 89 results
    Loading...
    Safari logo
    Safari 18.0 desktop macOS 10.15.7

    Updated

    Tue Sep 24 2024
    Found 89 results
    Loading...