Characters allowed javascript and colon copy2
4
4
4
4Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
Created byavlidienbrunn
Created Sep 29, 2024
Updated May 28, 2025
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeJS
CharsetUTF-8
Template used:
if (new URL("javascript"+String.fromCodePoint(parseInt($[i]..toString(16),16))+":alert()").protocol=="javascript:"){log($[i])}Sample payloads
if (new URL("javascript"+String.fromCodePoint(parseInt(9..toString(16),16))+":alert()").protocol=="javascript:"){alert(9)}if (new URL("javascript"+String.fromCodePoint(parseInt(10..toString(16),16))+":alert()").protocol=="javascript:"){alert(10)}if (new URL("javascript"+String.fromCodePoint(parseInt(13..toString(16),16))+":alert()").protocol=="javascript:"){alert(13)}if (new URL("javascript"+String.fromCodePoint(parseInt(58..toString(16),16))+":alert()").protocol=="javascript:"){alert(58)}Fuzz results
Chrome 144.0.0.0 desktop macOS 10.15.7
Updated
Fri Jan 30 2026
Found 4 results
Loading...
Chrome 143.0.0.0 desktop Windows NT 10.0older version
Updated
Fri Jan 30 2026
Found 4 results
Loading...
Chrome 128.0.0.0 desktop Linuxolder version
Updated
Sun Sep 29 2024
Found 4 results
Loading...
Firefox 147.0 desktop Windows NT 10.0
Updated
Mon Jan 26 2026
Found 4 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated
Mon Jan 26 2026
Found 4 results
Loading...
Safari 18.5 desktop macOS 10.15.7
Updated
Fri Aug 01 2025
Found 4 results
Loading...
Safari 18.5 mobile iOS 18.5
Updated
Wed Jul 02 2025
Found 4 results
Loading...