Characters unencoded characters supported in the hash

This vector shows which unencoded characters are allowed in the hash

Shazzer Elite

Created Sep 24, 2024

Updated May 27, 2025

Detecting browser...

CategoryURL Handling

VisibilityPublic

TypeJS

CharsetUTF-8

Code used before fuzz:

const anchor = document.createElement('a');

Template used:

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint($[i]);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))log($[i])

Sample payloads

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(33);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(33)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(36);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(36)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(37);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(37)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(38);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(38)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(39);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(39)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(40);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(40)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(41);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(41)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(42);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(42)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(43);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(43)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(44);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(44)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(45);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(45)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(46);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(46)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(47);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(47)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(48);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(48)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(49);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(49)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(50);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(50)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(51);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(51)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(52);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(52)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(53);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(53)

anchor.href='//example.com';0x0D
let chr = String.fromCodePoint(54);0x0D
anchor.hash = chr;0x0D
if(anchor.hash.slice(1).includes(chr))alert(54)