
URL parsing diff between window.open and new URL


Trying to bypass a check implemented like this:

try {
    parsedUrl = new URL(url)
    // do some checks protocol,host
} catch(e){
    // fine we can use it simply
    window.open(url)
}

Created by Sudistark
Created Feb 21, 2025
Updated May 28, 2025

Category: URL Handling
Visibility: Public
Type: JS
Charset: UTF-8
Template used:
// $[i] and $[j] are the fuzzer's placeholders for the two code points under test
char = String.fromCodePoint($[i],$[j])
url = "javascript://"+char+"google.com"

try {
    new URL(url)
}
catch(e){
    // new URL() rejected the string; see whether window.open() still accepts it
    pwn(url,char)
}

function pwn(url,char){
    try{
        window.open(url)
        console.log("shirley");
        // record the code point pair as a result
        log($[i],$[j])
    }catch(e){
    }
}
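
The check in the description fails open: when new URL() throws, no protocol or host check has run, yet the raw string still reaches window.open(). As an added example (not part of the original page; the function names, allowlist and sample inputs are assumptions), here is that fail-open form next to a fail-closed one, each returning the value that would be navigated to, or null:

```javascript
// Added example; names and allowlist values are constructed for illustration.
const ALLOWED_PROTOCOLS = new Set(["https:"]);
const ALLOWED_HOSTS = new Set(["google.com", "www.google.com"]);

// Shape of the check from the description: a parse failure skips every
// check and the raw string is handed to the navigation sink anyway.
function failOpenTarget(url) {
  try {
    const parsedUrl = new URL(url);
    if (!ALLOWED_PROTOCOLS.has(parsedUrl.protocol)) return null;
    if (!ALLOWED_HOSTS.has(parsedUrl.hostname)) return null;
    return url;
  } catch (e) {
    return url; // unvalidated input would reach window.open(url)
  }
}

// Fail-closed form: a string the parser rejects is never navigated to, and
// the caller opens the parser's normalized href, so the sink receives the
// same URL the checks actually inspected.
function failClosedTarget(url) {
  let parsedUrl;
  try {
    parsedUrl = new URL(url);
  } catch (e) {
    return null; // unparseable means untrusted
  }
  if (!ALLOWED_PROTOCOLS.has(parsedUrl.protocol)) return null;
  if (!ALLOWED_HOSTS.has(parsedUrl.hostname)) return null;
  if (parsedUrl.username || parsedUrl.password) return null;
  return parsedUrl.href;
}

// Constructed inputs: two allowed URLs, a foreign host, and a
// javascript: string with a space in the host that new URL() rejects.
const SAMPLES = [
  "https://google.com/search?q=1",
  "https://GOOGLE.com",
  "https://evil.example/",
  "javascript:// google.com",
];

// Side-by-side verdicts for each sample.
function compare(samples) {
  return samples.map((url) => ({
    url,
    failOpen: failOpenTarget(url),
    failClosed: failClosedTarget(url),
  }));
}
```

In a page, the caller would run `const target = failClosedTarget(url); if (target !== null) window.open(target);`.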

Fuzz results

Chrome 145.0.0.0 desktop Windows NT 10.0
Updated 16 Feb 2026
Found 1 result

Firefox 148.0 desktop Windows NT 10.0
Updated 23 Feb 2026
Found 1 result

Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated 18 Feb 2026
Found 1 result