 1 | work | nu11secur1ty | 9/29/2024 | HTML | 0 |
1 | domain values | nu11secur1ty | 9/29/2024 | JS | 0 |
| test-id | made-pradipta_grabtaxi | 3/26/2025 | HTML | 0 |
 1 | Characters that can be between < and script> | m10x | 11/12/2024 | HTML | 0 |
| Characters to break out from eval string | m-boll | 5/12/2024 | JS | 0 |
24 | Characters that can be used in eval to write code in between | m-boll | 5/12/2024 | JS | 0 |
 1 | Escape inline double quote | lUcgryy | 3/7/2025 | XSS | 0 |
1 | Characters that starts element name | lUcgryy | 3/10/2025 | HTML | 0 |
2124 | Chars in href that will not default to full URL | joaxcar | 11/16/2024 | XSS | 0 |
| List of HTML elements that convert to arbitrary string | joaxcar | 4/10/2024 | XSS | 0 |
| DOM element relationships | joaxcar | 4/10/2024 | XSS | 0 |
| Characters allowed in path traversal | joaxcar | 8/26/2024 | JS | 0 |
3 | Characters that can be inside the javascript protocol | hipotermia | 1/22/2025 | XSS | 0 |
1 | CSS inline property definition | hipotermia | 3/12/2025 | HTML | 0 |
6 | Allowed characters right after tag name & before tag closure, no other characters in between | hansmach1ne | 1/9/2025 | XSS | 0 |
25 | Loose comparison, characters appended which still result in type coercion | hansmach1ne | 1/6/2025 | JS | 0 |
16 | Difference between browser-supported handlers and Shazzer 'all_browser_events' list | hansmach1ne | 1/5/2025 | JS | 0 |
20 | Difference between browser-supported handlers and Shazzer 'events' list | hansmach1ne | 1/5/2025 | JS | 0 |
275 | Characters appended at the end of TLD within URL, which yield in the same Origin | hansmach1ne | 1/5/2025 | JS | 2 |
| Characters allowed in-between hyphens | hackvertor | 4/14/2024 | XSS | 0 |
