 3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
| Characters that can be inserted in the middle of the JS protocol name | cold-try | 4/15/2024 | XSS | 0 |
 1 | Characters that can be between < and script> | m10x | 11/12/2024 | HTML | 0 |
| Characters that are valid JS variables | hackvertor | 4/29/2024 | JS | 0 |
| Characters that act like new line or single line comment | hackvertor | 4/13/2024 | JS | 0 |
| Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
| Characters that act as parentheses | hackvertor | 6/24/2024 | JS | 0 |
| Characters that act as new lines in multi line strings | hackvertor | 6/20/2024 | JS | 1 |
| Characters that act as attribute quotes copy | freddyb | 5/31/2024 | XSS | 0 |
| Characters that act as attribute quotes | hackvertor | 5/28/2024 | XSS | 0 |
| Characters that act as array literals | hackvertor | 6/24/2024 | JS | 0 |
30 | Characters prepended to URL, which yield in the same host property | InsertScript | 1/10/2025 | JS | 0 |
| Characters prepended to URL host. check if difference between URL and a tag | InsertScript | 1/10/2025 | JS | 0 |
| Characters not urlencoded when using the shema part of the URL | d0ge | 9/24/2024 | JS | 0 |
| Characters not urlencoded when using the credentials part of the URL | hackvertor | 5/28/2024 | JS | 1 |
| Characters in-between square brackets that close cdata | hackvertor | 10/8/2024 | XSS | 0 |
| Characters ignored in strings when doing a non strict comparison | hackvertor | 6/18/2024 | JS | 0 |
| Characters ignored in an attribute name | hackvertor | 5/28/2024 | XSS | 0 |
| Characters ignored after backslash with multiline string | hackvertor | 6/18/2024 | JS | 0 |
| Characters ending XML Processing Instructions (WIP) | ola456 | 2/4/2025 | XSS | 0 |
