 16 | Difference between browser-supported handlers and Shazzer 'all_browser_events' list | hansmach1ne | 1/5/2025 | JS | 0 |
| Window properties | hackvertor | 5/31/2024 | JS | 0 |
| Entities that convert to greater than in a iframe srcdoc | hackvertor | 8/1/2024 | XSS | 0 |
| Properties that are accessible on location | hackvertor | 6/7/2024 | JS | 0 |
25 | Loose comparison, characters appended which still result in type coercion | hansmach1ne | 1/6/2025 | JS | 0 |
1 | characters allowed between exclamation mark and greater then | InsertScript | 6/18/2024 | HTML | 0 |
| Characters transformed when using lowercase | hackvertor | 11/18/2024 | JS | 0 |
| characters after slash that make a http protocol | InsertScript | 4/3/2024 | XSS | 0 |
| Impossible lab frameset | renniepak | 11/27/2024 | HTML | 0 |
| Entities still parsed in uppercase | hackvertor | 7/2/2024 | JS | 0 |
1 | Characters that can break out of an inline style with double quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
| Entities allowed between slashes on a protocol relative URL | hackvertor | 7/6/2024 | JS | 0 |
| Characters allowed after parentheses | hackvertor | 4/1/2024 | JS | 0 |
| Characters after strings | hackvertor | 4/3/2024 | JS | 0 |
| Characters that separate CSS properties | hackvertor | 4/2/2024 | HTML | 0 |
| Chars allowed before domain | t0xodile | 9/24/2024 | XSS | 0 |
| Mutated XSS with img onerror | sqjor | 7/30/2024 | XSS | 0 |
1143 | Mutated XSS Attributes | IDKdir | 7/13/2024 | XSS | 0 |
6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
 1 1 | XSS vectors that execute automatically inside math | hackvertor | 4/17/2024 | XSS | 0 |
