Includes Validation Chars Allowed
1
1
1Check for chars allowed before the string to validate.
Created bySimpsonpt
Created Oct 8, 2024
Updated May 28, 2025
Detecting browser...
CategoryXSS Execution
VisibilityPublic
TypeJS
CharsetUTF-8
Template used:
if (['https:'].includes("$[chr]https:")){0x0D
log($[i])0x0D
}Sample payloads
if (['https:'].includes("\https:")){0x0D
alert(92)0x0D
}Fuzz results
Chrome 144.0.0.0 desktop Windows NT 10.0
Updated25 Jan 2026
Found 1 result
Loading...
Firefox 147.0 desktop macOS 10.15
Updated30 Jan 2026
Found 1 result
Loading...
Firefox 131.0 desktop Linuxolder version
Updated8 Oct 2024
Found 1 result
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated30 Jan 2026
Found 1 result
Loading...