All VectorsVector nameUser Created Type Likes 14 14 14 14Tags that get moved out of parenthackvertor1/22/2025XSS0⚠ Browser differences 10 11 10 11Tags that cause child tags not to be found in the DOMhackvertor7/18/2024HTML0 2 2 2 2Tags that HTML encode it's contentshackvertor7/16/2024XSS0⚠ Browser differences 6 5 6 5Tags that DO NOT support HTML commentshackvertor1/26/2025XSS0 25 25 25 25String trim whitepace characterspiprett5/16/2026JS2⚠ Browser differences 48 48 48 32Scheme slash alternatives in URL() when a base is usedN25sec5/22/2025JS0 1 1 1React DOM srcIDKdir7/15/2024JS0 1 1 1Quotesdogspyagent7/13/2024XSS0 1 1 1 1Properties that leak the parent URL even when sandboxedhackvertor6/6/2024JS0 5 5 5 5Properties that contain URLshackvertor5/31/2024JS2 1 1 1 1Properties that are accessible on locationhackvertor6/7/2024JS0 13 13 13 13Properties are accessible in a sandboxed iframehackvertor6/7/2024JS0 29 29 29 29Non-standard characters that break JSON.parse()DreyAnd11/15/2024JS1 106 106 106 106Named HTML entities that can be closed with !avlidienbrunn7/29/2025XSS2 1 1 1Mutated XSS with img onerrorsqjor7/30/2024XSS0 1.1k 1.1k 1.1kMutated XSS AttributesIDKdir7/13/2024XSS0 2 2 2 2Malformed HTML commentshackvertor1/17/2025XSS0 25 25 25Loose comparison, characters appended which still result in type coercionhansmach1ne1/6/2025JS1 2 2 2 2List of HTML elements that convert to arbitrary stringjoaxcar4/10/2024XSS0 16 16 16 16JavaScript separators between function namesInsertScript4/2/2024JS0Found 256 recordsPage 3 of 13«12345678910»
