Characters allowed javascript and colon copy2

Vector to check if any characters are allowed between javascript and : to still result in a javascript url.

Created on: Sunday, September 29, 2024 at 3:23:28 PM

Updated on: Friday, February 21, 2025 at 5:25:16 PM

Vector type: JS

Vector charset: UTF-8

Template used:

if (new URL("javascript"+String.fromCodePoint(parseInt($[i]..toString(16),16))+":alert()").protocol=="javascript:"){log($[i])}

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL("javascript"+String.fromCodePoint(parseInt(9..toString(16),16))+":alert()").protocol=="javascript:"){alert(9)}

if (new URL("javascript"+String.fromCodePoint(parseInt(10..toString(16),16))+":alert()").protocol=="javascript:"){alert(10)}

if (new URL("javascript"+String.fromCodePoint(parseInt(13..toString(16),16))+":alert()").protocol=="javascript:"){alert(13)}

if (new URL("javascript"+String.fromCodePoint(parseInt(58..toString(16),16))+":alert()").protocol=="javascript:"){alert(58)}

Chrome 128.0.0.0 desktop Linux

Updated

Sun Sep 29 2024

Found 4 results

Show differences only?

Filter out alphanumeric

Sort ascending