Shazzer logo
Login

Loose comparison, characters appended which still result in type coercion

Chrome logo 25
Firefox logo 25
Edge logo 25

Loose comparison of string with appended character, which still end up type coerced.

hansmach1ne
Created byhansmach1ne
Created Jan 6, 2025
Updated May 27, 2025

Tweet
Detecting browser...
CategoryCharacter Encoding
VisibilityPublic
TypeJS
CharsetUTF-8
Template used:
if('1337' + String.fromCodePoint($[i]) + String.fromCodePoint($[i]) == 1337){log($[i])}

Sample payloads

if('1337' + String.fromCodePoint(9) + String.fromCodePoint(9) == 1337){alert(9)}
if('1337' + String.fromCodePoint(10) + String.fromCodePoint(10) == 1337){alert(10)}
if('1337' + String.fromCodePoint(11) + String.fromCodePoint(11) == 1337){alert(11)}
if('1337' + String.fromCodePoint(12) + String.fromCodePoint(12) == 1337){alert(12)}
if('1337' + String.fromCodePoint(13) + String.fromCodePoint(13) == 1337){alert(13)}
if('1337' + String.fromCodePoint(32) + String.fromCodePoint(32) == 1337){alert(32)}
if('1337' + String.fromCodePoint(160) + String.fromCodePoint(160) == 1337){alert(160)}
if('1337' + String.fromCodePoint(5760) + String.fromCodePoint(5760) == 1337){alert(5760)}
if('1337' + String.fromCodePoint(8192) + String.fromCodePoint(8192) == 1337){alert(8192)}
if('1337' + String.fromCodePoint(8193) + String.fromCodePoint(8193) == 1337){alert(8193)}
if('1337' + String.fromCodePoint(8194) + String.fromCodePoint(8194) == 1337){alert(8194)}
if('1337' + String.fromCodePoint(8195) + String.fromCodePoint(8195) == 1337){alert(8195)}
if('1337' + String.fromCodePoint(8196) + String.fromCodePoint(8196) == 1337){alert(8196)}
if('1337' + String.fromCodePoint(8197) + String.fromCodePoint(8197) == 1337){alert(8197)}
if('1337' + String.fromCodePoint(8198) + String.fromCodePoint(8198) == 1337){alert(8198)}
if('1337' + String.fromCodePoint(8199) + String.fromCodePoint(8199) == 1337){alert(8199)}
if('1337' + String.fromCodePoint(8200) + String.fromCodePoint(8200) == 1337){alert(8200)}
if('1337' + String.fromCodePoint(8201) + String.fromCodePoint(8201) == 1337){alert(8201)}
if('1337' + String.fromCodePoint(8202) + String.fromCodePoint(8202) == 1337){alert(8202)}
if('1337' + String.fromCodePoint(8232) + String.fromCodePoint(8232) == 1337){alert(8232)}

Fuzz results

Chrome logo
Chrome 145.0.0.0 desktop Windows NT 10.0
Updated17 Feb 2026
Found 25 results
Loading...
Chrome logo
Chrome 141.0.0.0 desktop macOS 10.15.7older version
Updated30 Oct 2025
Found 25 results
Loading...
Firefox logo
Firefox 148.0 desktop Windows NT 10.0
Updated23 Feb 2026
Found 25 results
Loading...
Firefox logo
Firefox 147.0 desktop Linuxolder version
Updated1 Feb 2026
Found 25 results
Loading...
Edge logo
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated18 Feb 2026
Found 25 results
Loading...

Distributed Fuzzing

Enabled:
Status:disconnected
Your browser automatically contributes to distributed fuzzing when idle.