| Impossible lab frameset | renniepak | 11/27/2024 | HTML | 0 |
| Entities that are normalized for e | hackvertor | 7/12/2024 | JS | 0 |
| Characters that are valid JS variables | hackvertor | 4/29/2024 | JS | 0 |
| Entities that convert to less than in a iframe srcdoc | hackvertor | 8/1/2024 | XSS | 0 |
| Host | IDKdir | 7/15/2024 | JS | 0 |
| Attribute separators | tr3w | 5/6/2024 | HTML | 0 |
 141 | char not urlencoded (data+) | nu11secur1ty | 9/29/2024 | JS | 0 |
3 | Characters allowed between slashes | hackvertor | 4/8/2024 | JS | 0 |
20 | Difference between browser-supported handlers and Shazzer 'events' list | hansmach1ne | 1/5/2025 | JS | 0 |
| Window properties | hackvertor | 5/31/2024 | JS | 0 |
16 | Difference between browser-supported handlers and Shazzer 'all_browser_events' list | hansmach1ne | 1/5/2025 | JS | 0 |
25 | Loose comparison, characters appended which still result in type coercion | hansmach1ne | 1/6/2025 | JS | 0 |
| Entities that convert to greater than in a iframe srcdoc | hackvertor | 8/1/2024 | XSS | 0 |
| Characters allowed after parentheses | hackvertor | 4/1/2024 | JS | 0 |
| Characters that can break out of a single line comment | 0x999-x | 4/10/2024 | JS | 0 |
| JavaScript separators between function names | InsertScript | 4/2/2024 | JS | 0 |
| Characters that separate CSS properties | hackvertor | 4/2/2024 | HTML | 0 |
 25 | Characters allowed before optional chaining | hackvertor | 5/4/2024 | JS | 0 |
| Entities allowed between function calls | hackvertor | 6/29/2024 | XSS | 0 |
| Valid characters before domain 1 | avlidienbrunn | 4/10/2024 | XSS | 0 |
