 32 | Characters that can precede the javascript protocol copy | rcbarnett | 5/2/2024 | XSS | 0 |
| Characters transformed when using lowercase | hackvertor | 11/18/2024 | JS | 0 |
14 | Active formatting elements | JorianWoltjer | 5/1/2024 | XSS | 0 |
| Characters that end unencapsulated HTML attribute values | ola456 | 5/14/2025 | XSS | 0 |
| Characters allowed between in operator | hackvertor | 4/3/2024 | JS | 0 |
| Scheme slash alternatives in URL() when a base is used | N25sec | 5/22/2025 | JS | 0 |
| Characters allowed before host name that are ignored | hackvertor | 6/11/2025 | XSS | 0 |
| Characters allowed between < and element | felipecaon | 5/6/2024 | HTML | 0 |
16 | Difference between browser-supported handlers and Shazzer 'all_browser_events' list | hansmach1ne | 1/5/2025 | JS | 0 |
1 | Characters that can break out of an inline style with single quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
| Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
 24 | Characters that can be used in eval to write code in between | m-boll | 5/12/2024 | JS | 0 |
2 2 | Characters that can be inside the javascript protocol caopyasdas | PinkDraconian | 6/17/2025 | XSS | 0 |
| Characters allowed after parentheses | hackvertor | 4/1/2024 | JS | 0 |
6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
| Tags that stop style | hackvertor | 4/9/2024 | HTML | 0 |
| Characters that can be inserted in the middle of the JS protocol name | cold-try | 4/15/2024 | XSS | 0 |
| Characters that act as attribute quotes | hackvertor | 5/28/2024 | XSS | 0 |
 1 1 | XSS vectors that execute automatically inside svg | hackvertor | 4/17/2024 | XSS | 0 |
| Characters ignored in strings when doing a non strict comparison | hackvertor | 6/18/2024 | JS | 0 |
