Characters allowed javascript and colon copy2 copy2

Vector to check if any characters are allowed between javascript and : to still result in a javascript url.

Created on: Thursday, November 7, 2024 at 4:23:17 PM

Updated on: Thursday, November 7, 2024 at 7:08:18 PM

Vector type: JS

Vector charset: UTF-8

Template used:

if (new URL("javascrip"+String.fromCodePoint(parseInt($[i]..toString(16),16))+"t:alert()").protocol=="javascript:"){log($[i])}

Your browser was detected as:

Detecting... Detecting... Detecting... Detecting...

Sample payloads

if (new URL("javascrip"+String.fromCodePoint(parseInt(9..toString(16),16))+"t:alert()").protocol=="javascript:"){alert(9)}

if (new URL("javascrip"+String.fromCodePoint(parseInt(10..toString(16),16))+"t:alert()").protocol=="javascript:"){alert(10)}

if (new URL("javascrip"+String.fromCodePoint(parseInt(13..toString(16),16))+"t:alert()").protocol=="javascript:"){alert(13)}

Firefox 132.0 desktop Windows NT 10.0

Updated

Thu Nov 07 2024

Found 3 results

Show differences only?

Filter out alphanumeric

Sort ascending