 32 | Characters that can precede the javascript protocol copy | rcbarnett | 5/2/2024 | XSS | 0 |
 25 | Characters allowed before optional chaining | hackvertor | 5/4/2024 | JS | 0 |
| Characters that cause the backslash to be consumed with GBK charset | hackvertor | 11/7/2024 | XSS | 0 |
| Characters allowed after malformed entities | hackvertor | 7/1/2024 | XSS | 0 |
25 | Valid characters between function and parenthesis | felipecaon | 5/6/2024 | JS | 0 |
| Host | IDKdir | 7/15/2024 | JS | 0 |
1 | Characters that can break out of an inline style with single quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
| Characters allowed after * in CSS comments | hackvertor | 3/31/2024 | HTML | 0 |
| Entities that convert to greater than in a iframe srcdoc | hackvertor | 8/1/2024 | XSS | 0 |
| Character that closes HTML tag | InsertScript | 4/2/2024 | HTML | 0 |
| Characters allowed in colon entity | InsertScript | 9/19/2024 | XSS | 0 |
31 | Characters allowed after greater than in events | hackvertor | 6/21/2024 | XSS | 0 |
| Characters not urlencoded when using the shema part of the URL | d0ge | 9/24/2024 | JS | 0 |
| Characters allowed between in operator | hackvertor | 4/3/2024 | JS | 0 |
| Valid characters before domain 1 | avlidienbrunn | 4/10/2024 | XSS | 0 |
4  4 | Characters that can break out of a single line comment | 0x999-x | 4/10/2024 | JS | 0 |
1 | Characters that can be between < and script> | m10x | 11/12/2024 | HTML | 0 |
6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
| Characters that can be inserted in the middle of the JS protocol name | cold-try | 4/15/2024 | XSS | 0 |
| Characters that act as attribute quotes | hackvertor | 5/28/2024 | XSS | 0 |
