Characters allowed begin from a forward slash character in javascript protocol
1
1
1
1Fuzz if window.location.href = `/${user_input}`; can redirect to javascript pseudo protocol.
Created bysiunam321
Created Oct 28, 2025
Updated Oct 28, 2025
Detecting browser...
CategoryURL Handling
VisibilityPublic
TypeJS
CharsetUTF-8
Template used:
const url = new URL(`/${String.fromCodePoint($[i])}javascript:alert(origin)`);0x0D
if (url.protocol === 'javascript:') {0x0D
log($[i]);0x0D
}Fuzz results
Chrome 145.0.0.0 desktop macOS 10.15.7
Updated8 Feb 2026
Found 1 result
Loading...
Firefox 148.0 desktop macOS 10.15
Updated2 Feb 2026
Found 1 result
Loading...
Microsoft Edge 145.0.0.0 desktop Windows NT 10.0
Updated16 Feb 2026
Found 1 result
Loading...
Safari 26.2 desktop macOS 10.15.7
Updated29 Jan 2026
Found 1 result
Loading...