| HTML entities inside JavaScript URL | hackvertor | 6/25/2024 | JS | 0 |
 1 | Characters that can break out of an inline style with double quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
127 | HTML TAGS Lists | Y4tacker | 1/3/2025 | XSS | 0 |
| HTML entities inside JavaScript URL before colon | hackvertor | 6/25/2024 | JS | 0 |
| Character that closes HTML tag | InsertScript | 4/2/2024 | HTML | 0 |
32 | Characters that can precede the javascript protocol copy | rcbarnett | 5/2/2024 | XSS | 0 |
3 | Characters allowed between slashes | hackvertor | 4/8/2024 | JS | 0 |
| Tags that stop style | hackvertor | 4/9/2024 | HTML | 0 |
4  4 | Characters that can break out of a single line comment | 0x999-x | 4/10/2024 | JS | 0 |
| Window properties | hackvertor | 5/31/2024 | JS | 0 |
| Characters allowed after malformed entities | hackvertor | 7/1/2024 | XSS | 0 |
25 | Valid characters between function and parenthesis | felipecaon | 5/6/2024 | JS | 0 |
| test | 0x999-x | 4/10/2024 | JS | 0 |
 1 1 | XSS vectors that execute automatically inside math | hackvertor | 4/17/2024 | XSS | 0 |
| React DOM src | IDKdir | 7/15/2024 | JS | 0 |
1143 | Mutated XSS Attributes | IDKdir | 7/13/2024 | XSS | 0 |
| Properties are accessible in a sandboxed iframe | hackvertor | 6/7/2024 | JS | 0 |
| Attribute separators | tr3w | 5/6/2024 | HTML | 0 |
| Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
