🔍 /

Bookmarklet Button

Create, test, and manage JavaScript bookmarklet buttons. Minify code, generate drag-to-toolbar links, and export collections.

User Rating 0.0
Total Usage 0 times
Category Code Utilities
0 chars
Presets:
Saved Collection
No saved bookmarklets yet. Generate one and click "Save to Collection".
Is this tool helpful?

Your feedback helps us improve.

About

A bookmarklet is a browser bookmark that stores a javascript: URI instead of a page URL. When clicked, it executes arbitrary JavaScript against the current page's DOM. The character limit varies by browser: Chrome handles roughly 2083 characters in the address bar, while Firefox tolerates significantly more. Exceeding these limits silently truncates your code, producing cryptic failures. This tool validates syntax via Function constructor parsing, minifies whitespace, wraps output in the javascript:void pattern to prevent page navigation, and generates a draggable anchor element ready for your bookmarks bar. It does not execute your code. Treat bookmarklets as unsigned scripts: they bypass Content Security Policy on some browsers and inherit the page's origin, so audit every snippet before deployment.

bookmarklet javascript bookmark browser tool code snippet bookmarklet generator bookmarklet maker

Formulas

The bookmarklet URI is constructed by wrapping user code in a void-returning IIFE to prevent the browser from navigating away from the current page:

javascript:void((function(){userCode})())

Minification applies a pipeline of transformations to reduce character count:

output = stripComments(collapseWhitespace(trim(input)))

Character count after encoding is critical. The final URI length L is calculated as:

L = len("javascript:void(") + len(encodedCode) + 1

Where encodedCode is the URI-encoded IIFE string. Syntax validation uses the Function constructor to parse without executing: new Function(code). A thrown SyntaxError indicates invalid JavaScript. This does not catch runtime errors or validate DOM API usage.

Reference Data

BrowserMax URI Lengthjavascript: SupportCSP Blocks BookmarkletsDrag-to-Bar SupportNotes
Chrome (v120+)2083 chars (address bar)YesSometimes (strict CSP)YesOmnibox truncation risk
Firefox (v121+)65536+ charsYesRarelyYesMost permissive
Safari (v17+)80000+ charsYesSometimesYesMust allow in preferences
Edge (Chromium)2083 charsYesSometimesYesSame engine as Chrome
Brave2083 charsYesOften (Shields)YesShields may interfere
Opera2083 charsYesSometimesYesChromium-based
Vivaldi2083 charsYesSometimesYesChromium-based
Arc2083 charsYesSometimesLimitedSidebar bookmark workflow
Tor Browser65536+ charsDisabled by defaultYes (strict)NoSecurity policy blocks most
IE 11 (Legacy)508 charsYesNo CSP supportYesExtremely limited length
Samsung Internet~2048 charsPartialSometimesNo (mobile)Mobile-only browser
iOS Safari80000+ charsYes (manual paste)SometimesNo drag (touch)Add via share sheet workaround

Frequently Asked Questions

Many modern websites deploy Content Security Policy (CSP) headers with script-src directives that block inline JavaScript execution. When a bookmarklet runs, it injects code as if it were an inline script. If the CSP forbids this origin, the browser silently drops the execution. Check the browser console for CSP violation messages. There is no workaround from the bookmarklet side; the policy is enforced by the target page's server.
Chromium-based browsers (Chrome, Edge, Brave, Opera) effectively limit the address bar to 2083 characters, though bookmarks stored via the API may hold more. Firefox supports 65536+ characters. For cross-browser safety, keep your minified bookmarklet under 2000 characters. This tool displays a live character count and warns you when approaching browser-specific thresholds.
If your code's last expression evaluates to a non-undefined value, the browser treats it as a new document body and navigates away, replacing the current page with that value's string representation. Wrapping in void(...) ensures the expression always returns undefined, preventing navigation. The IIFE provides a clean scope to avoid polluting the page's global namespace.
Yes. A bookmarklet executes in the security context of the current page's origin. It can read and write document.cookie, localStorage, sessionStorage, and make fetch requests as if it were native page script. This is why you must audit every bookmarklet before use. A malicious bookmarklet can exfiltrate authentication tokens to a third-party server.
This tool performs conservative minification: it strips single-line (//) and multi-line (/* */) comments, collapses consecutive whitespace into single spaces, and trims leading/trailing whitespace. It does not rename variables, remove semicolons, or rewrite AST nodes. The only risk is inside string literals containing intentional multi-space sequences, which is rare. Always test the minified output using the built-in syntax validator before deploying.
Mobile browsers lack a visible bookmarks bar. The workaround: (1) Bookmark any page. (2) Edit the bookmark. (3) Replace the URL with the javascript: URI. (4) Save. On iOS Safari, you can also use the Share Sheet to add a bookmark, then edit its URL. This tool provides a copy-to-clipboard button specifically for this workflow. Drag-to-bar only works on desktop browsers.