| Url parsing diff b/w window.open and new URL | Sudistark | 2/21/2025 | JS | 0 |
| Characters ending XML Processing Instructions (WIP) | ola456 | 2/4/2025 | XSS | 0 |
 5  5 | Tags that DO NOT support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
106 106 | Tags that support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
| zwzzzwzwwzwzwwxzwz | nsysean | 1/25/2025 | HTML | 0 |
| Tags that get moved out of parent | hackvertor | 1/22/2025 | XSS | 0 |
3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
| Tags that get reordered in the DOM | hackvertor | 1/21/2025 | XSS | 0 |
| Malformed HTML comments | hackvertor | 1/17/2025 | XSS | 0 |
| Characters allowed before the JavaScript protocol | hackvertor | 1/16/2025 | XSS | 0 |
| Entities allowed before slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| Characters allowed before slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 1 |
| Characters allowed after slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| Characters allowed after colon which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| Entities allowed between slashes using XSS type | hackvertor | 1/16/2025 | XSS | 0 |
| Characters allowed between slashes using XSS type | hackvertor | 1/16/2025 | XSS | 0 |
| Characters prepended to URL host. check if difference between URL and a tag | InsertScript | 1/10/2025 | JS | 0 |
30 | Characters prepended to URL, which yield in the same host property | InsertScript | 1/10/2025 | JS | 0 |
31 | Characters appended at the end of TLD within URL, which yield in the same host property | InsertScript | 1/10/2025 | JS | 0 |
6 | Allowed characters right after tag name & before tag closure, no other characters in between | hansmach1ne | 1/9/2025 | XSS | 0 |
