Characters allowed before the JavaScript protocol colon
4
4
4This tests for chars allowed before the colon in a Javascript uri format.
Created byRemakingEden
Created Mar 3, 2025
Updated May 28, 2025
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeXSS
CharsetUTF-8
Code used before fuzz:
<script>window.onerror=x=>true;</script>0x0D
<base href="https://example.com" />Template used:
<a href="javascript$[chr]:" id=x></a>Code used after fuzz:
x.protocol === 'javascript:' && log($[i])Sample payloads
<a href="javascript0x09:" id=x></a><a href="javascript
:" id=x></a><a href="javascript0x0D:" id=x></a><a href="javascript::" id=x></a>Fuzz results
Chrome 144.0.0.0 desktop Windows NT 10.0
Updated30 Jan 2026
Found 4 results
Loading...
Chrome 143.0.0.0 desktop macOS 10.15.7older version
Updated25 Jan 2026
Found 4 results
Loading...
Firefox 147.0 desktop Windows NT 10.0
Updated31 Jan 2026
Found 4 results
Loading...
Firefox 135.0 desktop macOS 10.15older version
Updated3 Mar 2025
Found 4 results
Loading...
Microsoft Edge 144.0.0.0 desktop Windows NT 10.0
Updated26 Jan 2026
Found 4 results
Loading...