Url parsing diff b/w anchor.href and new URL

⚠ Browser differences

Novice Fuzzer

Created bySudistark

Created May 26, 2025

Updated May 28, 2025

Detecting browser...

CategoryURL Handling

VisibilityPublic

TypeJS

CharsetUTF-8

Code used before fuzz:

const anchor = document.createElement('a');0x0D

Template used:

char = String.fromCodePoint($[i])0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){log($[i])}0x0D
}

Sample payloads

char = String.fromCodePoint(60)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(60)}0x0D
}

char = String.fromCodePoint(62)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(62)}0x0D
}

char = String.fromCodePoint(64)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(64)}0x0D
}

char = String.fromCodePoint(91)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(91)}0x0D
}

char = String.fromCodePoint(92)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(92)}0x0D
}

char = String.fromCodePoint(93)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(93)}0x0D
}

char = String.fromCodePoint(94)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(94)}0x0D
}

char = String.fromCodePoint(124)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(124)}0x0D
}

char = String.fromCodePoint(65536)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65536)}0x0D
}

char = String.fromCodePoint(65545)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65545)}0x0D
}

char = String.fromCodePoint(65546)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65546)}0x0D
}

char = String.fromCodePoint(65549)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65549)}0x0D
}

char = String.fromCodePoint(65568)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65568)}0x0D
}

char = String.fromCodePoint(65571)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65571)}0x0D
}

char = String.fromCodePoint(65583)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65583)}0x0D
}

char = String.fromCodePoint(65594)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65594)}0x0D
}

char = String.fromCodePoint(65596)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65596)}0x0D
}

char = String.fromCodePoint(65598)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65598)}0x0D
}

char = String.fromCodePoint(65599)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65599)}0x0D
}

char = String.fromCodePoint(65600)0x0D
url = "javascript://google.com"+char0x0D
0x0D
try {0x0D
    new URL(url)0x0D
}0x0D
catch(e){0x0D
    anchor.href=url0x0D
    if(anchor.protocol !== ':'){alert(65600)}0x0D
}

Distributed Fuzzing

Url parsing diff b/w anchor.href and new URL

Sample payloads

Fuzz results