Non-standard characters that break JSON.parse()
29Characters that will break a JSON.parse() that do not include chars within standard JSON-format.
Created by: DreyAnd
Created on: Friday, November 15, 2024 at 12:28:16 AM
Updated on: Monday, December 30, 2024 at 10:43:49 AM
Vector type: JS
Vector charset: UTF-8
Template used:
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint($[i]))) {
JSON.parse(`{"test":"$[chr]"}`);
}
} catch {
log($[i]);
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(0))) {
JSON.parse(`{"test":"�"}`);
}
} catch {
alert(0);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(1))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(1);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(2))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(2);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(3))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(3);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(4))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(4);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(5))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(5);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(6))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(6);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(7))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(7);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(8))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(8);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(11))) {
JSON.parse(`{"test":"
"}`);
}
} catch {
alert(11);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(12))) {
JSON.parse(`{"test":"
"}`);
}
} catch {
alert(12);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(14))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(14);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(15))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(15);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(16))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(16);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(17))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(17);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(18))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(18);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(19))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(19);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(20))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(20);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(21))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(21);
}
try {
standard_chars = [
`"`, `'`, `,`, `\n`, `\t`, `\r`, `}`, `{`, `\\`
];
if (!standard_chars.includes(String.fromCodePoint(22))) {
JSON.parse(`{"test":""}`);
}
} catch {
alert(22);
}
Fuzz results
Chrome 127.0.0.0 desktop Linux Unknown
Updated
Fri Nov 15 2024
Found 29 results
Loading...