Characters allowed javascript and colon copy2

Chrome logo 4

Vector to check if any characters are allowed between javascript and : to still result in a javascript url.

Created by: avlidienbrunn

Created on: Sunday, September 29, 2024 at 3:23:28 PM

Updated on: Tuesday, December 10, 2024 at 5:32:46 PM

Vector type: JS

Vector charset: UTF-8

Template used:
if (new URL("javascript"+String.fromCodePoint(parseInt($[i]..toString(16),16))+":alert()").protocol=="javascript:"){log($[i])}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL("javascript"+String.fromCodePoint(parseInt(9..toString(16),16))+":alert()").protocol=="javascript:"){alert(9)}
if (new URL("javascript"+String.fromCodePoint(parseInt(10..toString(16),16))+":alert()").protocol=="javascript:"){alert(10)}
if (new URL("javascript"+String.fromCodePoint(parseInt(13..toString(16),16))+":alert()").protocol=="javascript:"){alert(13)}
if (new URL("javascript"+String.fromCodePoint(parseInt(58..toString(16),16))+":alert()").protocol=="javascript:"){alert(58)}

Fuzz results

Chrome logo
Chrome 128.0.0.0 desktop Linux

Updated

Sun Sep 29 2024
Found 4 results
Loading...