| All events on window | hackvertor | 5/31/2024 | JS | 1 |
 6 | Characters allowed before onerror events | hackvertor | 3/30/2024 | XSS | 0 |
| Tags that stop style | hackvertor | 4/9/2024 | HTML | 0 |
 1 1 | XSS vectors that execute automatically inside svg | hackvertor | 4/17/2024 | XSS | 0 |
| Characters ignored in strings when doing a non strict comparison | hackvertor | 6/18/2024 | JS | 0 |
275 | Characters appended at the end of TLD within URL, which yield in the same Origin | hansmach1ne | 1/5/2025 | JS | 2 |
6 | Allowed characters right after tag name & before tag closure, no other characters in between | hansmach1ne | 1/9/2025 | XSS | 0 |
20 | Difference between browser-supported handlers and Shazzer 'events' list | hansmach1ne | 1/5/2025 | JS | 0 |
16 | Difference between browser-supported handlers and Shazzer 'all_browser_events' list | hansmach1ne | 1/5/2025 | JS | 0 |
25 | Loose comparison, characters appended which still result in type coercion | hansmach1ne | 1/6/2025 | JS | 0 |
1 | CSS inline property definition | hipotermia | 3/12/2025 | HTML | 0 |
3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
| Characters allowed in path traversal | joaxcar | 8/26/2024 | JS | 0 |
| DOM element relationships | joaxcar | 4/10/2024 | XSS | 0 |
2124 | Chars in href that will not default to full URL | joaxcar | 11/16/2024 | XSS | 0 |
| List of HTML elements that convert to arbitrary string | joaxcar | 4/10/2024 | XSS | 0 |
 1 | Characters that starts element name | lUcgryy | 3/10/2025 | HTML | 0 |
1 | Escape inline double quote | lUcgryy | 3/7/2025 | XSS | 0 |
| Characters to break out from eval string | m-boll | 5/12/2024 | JS | 0 |
 24 | Characters that can be used in eval to write code in between | m-boll | 5/12/2024 | JS | 0 |
