Url parsing diff b/w anchor.href and new URL

.
Created by: Sudistark
Created on: Monday, May 26, 2025 at 7:19:37 AM
Updated on: Wednesday, May 28, 2025 at 5:06:18 PM
Vector type: JS
Vector charset: UTF-8
Code used before fuzz:
const anchor = document.createElement('a');
Template used:
char = String.fromCodePoint($[i])
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){log($[i])}
}
Your browser was detected as:
Detecting... Detecting... Detecting... Detecting...
Sample payloads
char = String.fromCodePoint(60)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(60)}
}
char = String.fromCodePoint(62)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(62)}
}
char = String.fromCodePoint(64)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(64)}
}
char = String.fromCodePoint(91)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(91)}
}
char = String.fromCodePoint(92)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(92)}
}
char = String.fromCodePoint(93)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(93)}
}
char = String.fromCodePoint(94)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(94)}
}
char = String.fromCodePoint(124)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(124)}
}
char = String.fromCodePoint(65536)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65536)}
}
char = String.fromCodePoint(65545)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65545)}
}
char = String.fromCodePoint(65546)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65546)}
}
char = String.fromCodePoint(65549)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65549)}
}
char = String.fromCodePoint(65568)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65568)}
}
char = String.fromCodePoint(65571)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65571)}
}
char = String.fromCodePoint(65583)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65583)}
}
char = String.fromCodePoint(65594)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65594)}
}
char = String.fromCodePoint(65596)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65596)}
}
char = String.fromCodePoint(65598)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65598)}
}
char = String.fromCodePoint(65599)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65599)}
}
char = String.fromCodePoint(65600)
url = "javascript://google.com"+char
try {
new URL(url)
}
catch(e){
anchor.href=url
if(anchor.protocol !== ':'){alert(65600)}
}
Fuzz results

Safari 18.5 mobile iOS 18.5
Updated
Wed Jul 02 2025
Found 280 results
Loading...