Safari disagrees most often (20 vectors)
Vectors whose behaviour significantly changed, by month
Largest recorded change in browser behaviour
Characters that serve as a dot in a domain like example.com
The classic DOM element relationship test found in the blog post https://portswigger.net/research/dom-clobbering-strikes-back
Checks what characters can be added between "https://example.com" and /, while keeping the hostname "example.com"
Characters that can be after the opening angle bracket and still form a valid HTML element
Vector to check if any character can be used to ignore https:// scheme in URL
Characters that can precede the javascript protocol in html
Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
Vector to check if any characters are allowed between javascript and : to still result in a javascript url.
Looking for potentially a way to bypass the removal of < tags. (assume the <p> tags are being returned by the application)
Testing characters that still close a HTML comment
Characters that can be used to close or encapsulate HTML attribute values.
This vector shows what entities cause an external URL when used before an @