| Characters encoded by encodeURIComponent() | JorianWoltjer | 7/4/2025 | JS | 1 |
 14 | Active formatting elements | JorianWoltjer | 5/1/2024 | XSS | 0 |
1 | Characters that change length on .toLowerCase() | JorianWoltjer | 4/11/2024 | JS | 1 |
4 | Entities allowed between two forward slashes | InsertScript | 9/19/2024 | XSS | 1 |
| Characters allowed in colon entity | InsertScript | 9/19/2024 | XSS | 0 |
| Character that closes HTML tag | InsertScript | 4/2/2024 | HTML | 0 |
1 | characters allowed between exclamation mark and greater then | InsertScript | 6/18/2024 | HTML | 0 |
31 | Characters appended at the end of TLD within URL, which yield in the same host property | InsertScript | 1/10/2025 | JS | 0 |
30  30 | Characters prepended to URL, which yield in the same host property | InsertScript | 1/10/2025 | JS | 0 |
| Characters prepended to URL host. check if difference between URL and a tag | InsertScript | 1/10/2025 | JS | 0 |
| characters after slash that make a http protocol | InsertScript | 4/3/2024 | XSS | 0 |
| Character allowed after onerror event | InsertScript | 4/2/2024 | XSS | 0 |
| JavaScript separators between function names | InsertScript | 4/2/2024 | JS | 0 |
| HTML-Encoded Attribute Escape | IDKdir | 7/13/2024 | XSS | 0 |
6 6 | ToUpperCase Improper Character Morphing | IDKdir | 7/13/2024 | JS | 1 |
1.1k | Mutated XSS Attributes | IDKdir | 7/13/2024 | XSS | 0 |
| Host | IDKdir | 7/15/2024 | JS | 0 |
| React DOM src | IDKdir | 7/15/2024 | JS | 0 |
29 | Non-standard characters that break JSON.parse() | DreyAnd | 11/15/2024 | JS | 1 |
8 | Characters that expand upon toUpperCase() | DreyAnd | 4/10/2024 | JS | 0 |
