| | Entities allowed before slashes on a protocol relative URL | hackvertor | 7/6/2024 | JS | 0 |
| | test | 0x999-x | 4/10/2024 | JS | 0 |
| | XSS vectors that execute automatically | hackvertor | 4/17/2024 | XSS | 0 |
| | Entities allowed before slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| 14 | Active formatting elements | JorianWoltjer | 5/1/2024 | XSS | 0 |
| 3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
| | Characters transformed when using uppercase | hackvertor | 11/18/2024 | JS | 0 |
| | Characters allowed between < and element | felipecaon | 5/6/2024 | HTML | 0 |
| | Characters ending XML Processing Instructions (WIP) | ola456 | 2/4/2025 | XSS | 0 |
| 1 | Characters that can break out of an inline style with single quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
| | Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
| 24 | Characters that can be used in eval to write code in between | m-boll | 5/12/2024 | JS | 0 |
| 30 | Characters Allowed Between Protocol // and localhost Where Host Still Equals localhost | rootd4ddy | 3/2/2025 | JS | 0 |
| | HTML entities inside JavaScript URL before colon | hackvertor | 6/25/2024 | JS | 0 |
| | Characters allowed after * in CSS comments | hackvertor | 3/31/2024 | HTML | 0 |
| 6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
| | Tags that stop style | hackvertor | 4/9/2024 | HTML | 0 |
| | Characters that can be inserted in the middle of the JS protocol name | cold-try | 4/15/2024 | XSS | 0 |
| | Characters that act as attribute quotes | hackvertor | 5/28/2024 | XSS | 0 |
| 1 1 | XSS vectors that execute automatically inside svg | hackvertor | 4/17/2024 | XSS | 0 |