All VectorsVector nameUser Created Type Likes⚠ Browser differences 6 5 6 5Tags that DO NOT support HTML commentshackvertor1/26/2025XSS0⚠ Browser differences 105 106 105Tags that support HTML commentshackvertor1/26/2025XSS0 14 14 14 14Tags that get moved out of parenthackvertor1/22/2025XSS0 3 3 3 3Characters that can be inside the javascript protocolhipotermia1/22/2025XSS0 108 108 108 108Tags that get reordered in the DOMhackvertor1/21/2025XSS0 2 2 2 2Malformed HTML commentshackvertor1/17/2025XSS0 32 32 32 32Characters allowed before the JavaScript protocolhackvertor1/16/2025XSS0 4 4 4 4Entities allowed before slashes which result in an external URLhackvertor1/16/2025XSS0 34 34 34 34Characters allowed before slashes which result in an external URLhackvertor1/16/2025XSS1⚠ Browser differences 48 48 48 32Characters allowed after slashes which result in an external URL hackvertor1/16/2025XSS0 2 2 2 2Characters allowed after colon which result in an external URLhackvertor1/16/2025XSS0 4 4 4 4Entities allowed between slashes using XSS typehackvertor1/16/2025XSS0 5 5 5 5Characters allowed between slashes using XSS typehackvertor1/16/2025XSS0 1 1 1Characters prepended to URL host. check if difference between URL and a tagInsertScript1/10/2025JS0 46 46 46Characters prepended to URL, which yield in the same host propertyInsertScript1/10/2025JS0 47 47 47 47Characters appended at the end of TLD within URL, which yield in the same host propertyInsertScript1/10/2025JS0 6 6 6Allowed characters right after tag name & before tag closure, no other characters in betweenhansmach1ne1/9/2025XSS0 25 25 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS1 1 1 1Difference between browser-supported handlers and Shazzer 'all_browser_events' listhansmach1ne1/5/2025JS0⚠ Browser differences 24 16 24Difference between browser-supported handlers and Shazzer 'events' listhansmach1ne1/5/2025JS0Found 253 recordsPage 4 of 13«12345678910»
