Characters unencoded characters supported in the hash
⚠ Browser differences
1
89
89
89This vector shows which unencoded characters are allowed in the hash
Created byhackvertor
Created Sep 24, 2024
Updated May 27, 2025
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeJS
CharsetUTF-8
Code used before fuzz:
const anchor = document.createElement('a');Template used:
anchor.href='//example.com';0x0D
let chr = String.fromCodePoint($[i]);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))log($[i])Sample payloads
anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(33);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(33)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(36);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(36)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(37);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(37)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(38);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(38)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(39);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(39)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(40);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(40)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(41);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(41)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(42);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(42)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(43);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(43)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(44);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(44)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(45);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(45)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(46);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(46)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(47);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(47)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(48);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(48)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(49);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(49)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(50);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(50)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(51);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(51)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(52);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(52)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(53);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(53)anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(54);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(54)Fuzz results
Chrome 148.0.0.0 desktop Windows NT 10.0
Updated15 Mar 2026
Found 1 result
Loading...
Chrome 129.0.0.0 desktop macOS 10.15.7older version
Updated24 Sept 2024
Found 89 results
Loading...
Firefox 149.0 desktop macOS 10.15
Updated3 Apr 2026
Found 89 results
Loading...
Firefox 148.0 desktop Windows NT 10.0older version
Updated23 Feb 2026
Found 1 result
Loading...
Microsoft Edge 146.0.0.0 desktop Windows NT 10.0
Updated3 Apr 2026
Found 89 results
Loading...
Safari 18.0 desktop macOS 10.15.7
Updated24 Sept 2024
Found 89 results
Loading...