| Entities allowed between slashes using XSS type | hackvertor | 1/16/2025 | XSS | 0 |
| Characters allowed after slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
 4 | HTML elements that inherit properties which return the full URL | 0x999-x | 11/14/2024 | XSS | 0 |
| Tags that get moved out of parent | hackvertor | 1/22/2025 | XSS | 0 |
3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
106  106 | Tags that support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
| Tags that DO NOT support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
| Characters ending XML Processing Instructions (WIP) | ola456 | 2/4/2025 | XSS | 0 |
127 | HTML TAGS Lists | Y4tacker | 1/3/2025 | XSS | 0 |
5 | Chars allowed between src and = in img tag | rootd4ddy | 3/2/2025 | XSS | 0 |
| Entities in-between square brackets that close cdata | hackvertor | 10/8/2024 | XSS | 1 |
 4 | Characters allowed before the JavaScript protocol colon | RemakingEden | 3/3/2025 | XSS | 0 |
20 19 | HTML tags and attributes that can be used to access the URL | 0x999-x | 11/4/2024 | XSS | 1 |
32 | Characters that can precede the javascript protocol copy | rcbarnett | 5/2/2024 | XSS | 0 |
| Characters that can precede the javascript protocol copy2 | PinkDraconian | 11/7/2024 | XSS | 0 |
2124 | Chars in href that will not default to full URL | joaxcar | 11/16/2024 | XSS | 0 |
| Characters allowed in-between hyphens | hackvertor | 4/14/2024 | XSS | 1 |
30 30 | Characters allowed after equals sign for event | YouGina | 12/17/2024 | XSS | 1 |
| Entities allowed between function calls | hackvertor | 6/29/2024 | XSS | 0 |
| Valid characters before domain 1 | avlidienbrunn | 4/10/2024 | XSS | 0 |
