Characters unencoded characters supported in the hash

Chrome logo 89
Firefox logo 89
Safari logo 89

This vector shows which unencoded characters are allowed in the hash

Created by: hackvertor

Created on: Tuesday, September 24, 2024 at 12:33:51 PM

Updated on: Tuesday, December 17, 2024 at 5:58:42 PM

Vector type: JS

Vector charset: UTF-8

Code used before fuzz:
const anchor = document.createElement('a');
Template used:
anchor.href='//example.com';
let chr = String.fromCodePoint($[i]);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))log($[i])
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

anchor.href='//example.com';
let chr = String.fromCodePoint(33);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(33)
anchor.href='//example.com';
let chr = String.fromCodePoint(36);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(36)
anchor.href='//example.com';
let chr = String.fromCodePoint(37);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(37)
anchor.href='//example.com';
let chr = String.fromCodePoint(38);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(38)
anchor.href='//example.com';
let chr = String.fromCodePoint(39);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(39)
anchor.href='//example.com';
let chr = String.fromCodePoint(40);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(40)
anchor.href='//example.com';
let chr = String.fromCodePoint(41);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(41)
anchor.href='//example.com';
let chr = String.fromCodePoint(42);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(42)
anchor.href='//example.com';
let chr = String.fromCodePoint(43);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(43)
anchor.href='//example.com';
let chr = String.fromCodePoint(44);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(44)
anchor.href='//example.com';
let chr = String.fromCodePoint(45);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(45)
anchor.href='//example.com';
let chr = String.fromCodePoint(46);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(46)
anchor.href='//example.com';
let chr = String.fromCodePoint(47);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(47)
anchor.href='//example.com';
let chr = String.fromCodePoint(48);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(48)
anchor.href='//example.com';
let chr = String.fromCodePoint(49);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(49)
anchor.href='//example.com';
let chr = String.fromCodePoint(50);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(50)
anchor.href='//example.com';
let chr = String.fromCodePoint(51);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(51)
anchor.href='//example.com';
let chr = String.fromCodePoint(52);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(52)
anchor.href='//example.com';
let chr = String.fromCodePoint(53);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(53)
anchor.href='//example.com';
let chr = String.fromCodePoint(54);
anchor.hash = chr;
if(anchor.hash.slice(1).includes(chr))alert(54)

Fuzz results

Chrome logo
Chrome 129.0.0.0 desktop macOS 10.15.7

Updated

Tue Sep 24 2024
Found 89 results
Loading...
Firefox logo
Firefox 130.0 desktop macOS 10.15

Updated

Tue Sep 24 2024
Found 89 results
Loading...
Safari logo
Safari 18.0 desktop macOS 10.15.7

Updated

Tue Sep 24 2024
Found 89 results
Loading...