All VectorsVector nameUser Created Type Likes 1 1 1 1Injection in src attribute PORT, characters that change hostnamereindaelman6/15/2025JS1 32 32 32Characters that can precede the javascript protocol copyrcbarnett5/2/2024XSS0 1 1 1Characters allowed to break double quotesp3n7a90n6/30/2024XSS0 1 1 1Characters ending XML Processing Instructions (WIP)ola4562/4/2025XSS0 7 7 7 7Closing title tag name separatorsola4569/15/2025XSS0 5 5 5 5Characters that end unencapsulated HTML attribute valuesola4565/14/2025XSS0 7 7 7 7Characters that close or encapsulate HTML attribute valuesola45611/5/2024XSS1 1HTML vector nu11secur1ty9/29/2024HTML0 157 157 157char not urlencoded (data+)nu11secur1ty9/29/2024JS0 2 2 2char not urlencoded (data)nu11secur1ty9/29/2024JS0 1 1 1worknu11secur1ty9/29/2024HTML0 1 1 1domain valuesnu11secur1ty9/29/2024JS0 1 1 1Chars that can be used as opening bracket in innerHTMLnollium4/19/2025JS0 1 1 1Characters that can be between < and script>m10x11/12/2024HTML0 1 1 1 1Characters to break out from eval stringm-boll5/12/2024JS0 24 24 24Characters that can be used in eval to write code in betweenm-boll5/12/2024JS0 1 1 1Escape inline double quotelUcgryy3/7/2025XSS0 1 1 1Characters that starts element namelUcgryy3/10/2025HTML0⚠ Browser differences 2.1k 1 2.1kChars in href that will not default to full URLjoaxcar11/16/2024XSS0 2 2 2 2List of HTML elements that convert to arbitrary stringjoaxcar4/10/2024XSS0Found 245 recordsPage 2 of 13«12345678910»
