| Characters allowed after slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| Characters allowed after malformed entities | hackvertor | 7/1/2024 | XSS | 1 |
| Entities allowed before slashes which result in an external URL | hackvertor | 1/16/2025 | XSS | 0 |
| HTML elements that parse differently when rendered | hackvertor | 4/19/2024 | XSS | 1 |
| Malformed HTML comments | hackvertor | 1/17/2025 | XSS | 0 |
| Entities allowed inside function name | hackvertor | 7/2/2024 | XSS | 0 |
 106  106 | Tags that support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
| Tags that DO NOT support HTML comments | hackvertor | 1/26/2025 | XSS | 0 |
1  1 | Characters allowed instead of equal sign | c3l3si4n | 4/28/2024 | XSS | 0 |
| Entities allowed as JS variables | hackvertor | 7/2/2024 | XSS | 1 |
| Characters ending XML Processing Instructions (WIP) | ola456 | 2/4/2025 | XSS | 0 |
5 | Chars allowed between src and = in img tag | rootd4ddy | 3/2/2025 | XSS | 0 |
| List of HTML elements that convert to arbitrary string | joaxcar | 4/10/2024 | XSS | 0 |
4 4 | Characters allowed before the JavaScript protocol colon | RemakingEden | 3/3/2025 | XSS | 0 |
1 1 | Escape inline double quote | lUcgryy | 3/7/2025 | XSS | 0 |
| characters after slash that make a http protocol | InsertScript | 4/3/2024 | XSS | 0 |
| Quotes | dogspyagent | 7/13/2024 | XSS | 0 |
| HTML-Encoded Attribute Escape | IDKdir | 7/13/2024 | XSS | 0 |
1 | Characters that can break out of an inline style with double quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
1 | Characters that can break out of an inline style with single quotes | 0xdef1ant | 7/13/2024 | XSS | 0 |
