 1 | CSS inline property definition | hipotermia | 3/12/2025 | HTML | 0 |
 1 | Characters that starts element name | lUcgryy | 3/10/2025 | HTML | 0 |
1 | Escape inline double quote | lUcgryy | 3/7/2025 | XSS | 0 |
 4 | Characters allowed before the JavaScript protocol colon | RemakingEden | 3/3/2025 | XSS | 0 |
5 | Chars allowed between src and = in img tag | rootd4ddy | 3/2/2025 | XSS | 0 |
30 | Characters Allowed Between Protocol // and localhost Where Host Still Equals localhost | rootd4ddy | 3/2/2025 | JS | 0 |
| Url parsing diff b/w window.open and new URL | Sudistark | 2/21/2025 | JS | 0 |
| Characters ending XML Processing Instructions (WIP) | ola456 | 2/4/2025 | XSS | 0 |
5 5 | Tags that DO NOT support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
106 106 | Tags that support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
| Tags that get moved out of parent | hackvertor | 1/22/2025 | XSS | 0 |
3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
| Tags that get reordered in the DOM | hackvertor | 1/21/2025 | XSS | 0 |
| Malformed HTML comments | hackvertor | 1/17/2025 | XSS | 0 |
| Characters allowed before the JavaScript protocol | hackvertor | 1/16/2025 | XSS | 0 |
| Entities allowed before slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| Characters allowed before slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 1 |
| Characters allowed after slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| Characters allowed after colon which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| Entities allowed between slashes using XSS type | hackvertor | 1/16/2025 | XSS | 0 |
