Includes Validation Chars Allowed
1
1
1Check for chars allowed before the string to validate.
Created bySimpsonpt
Created Oct 8, 2024
Updated May 28, 2025
Detecting browser...
CategoryXSS Execution
VisibilityPublic
TypeJS
CharsetUTF-8
Template used:
if (['https:'].includes("$[chr]https:")){0x0D
log($[i])0x0D
}Sample payloads
if (['https:'].includes("\https:")){0x0D
alert(92)0x0D
}Fuzz results
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 1 result
Loading...
Chrome 144.0.0.0 desktop Linuxolder version
Updated16 Feb 2026
Found 1 result
Loading...
Firefox 148.0 desktop Windows NT 10.0
Updated23 Feb 2026
Found 1 result
Loading...
Firefox 147.0 desktop macOS 10.15older version
Updated30 Jan 2026
Found 1 result
Loading...
Firefox 131.0 desktop Linuxolder version
Updated8 Oct 2024
Found 1 result
Loading...
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 1 result
Loading...