Characters allowed before the JavaScript protocol colon

This tests for chars allowed before the colon in a Javascript uri format.
Created by: RemakingEden
Created on: Monday, March 3, 2025 at 3:24:55 PM
Updated on: Monday, April 7, 2025 at 11:27:18 AM
Vector type: XSS
Vector charset: UTF-8
Code used before fuzz:
<script>window.onerror=x=>true;</script>
<base href="https://example.com" />
Template used:
<a href="javascript$[chr]:" id=x></a>
Code used after fuzz:
x.protocol === 'javascript:' && log($[i])
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
<a href="javascript :" id=x></a>
<a href="javascript
:" id=x></a>
<a href="javascript
:" id=x></a>
<a href="javascript::" id=x></a>
Fuzz results

Firefox 135.0 desktop macOS 10.15
Updated
Mon Mar 03 2025
Found 4 results
Loading...