| HTML tags that force HTML mode inside SVG | hackvertor | 8/2/2024 | XSS | 1 |
2 | HTML entities before JavaScript URL | hackvertor | 6/25/2024 | JS | 0 |
1 1 | XSS vectors that execute automatically inside svg | hackvertor | 4/17/2024 | XSS | 0 |
| Characters after strings | hackvertor | 4/3/2024 | JS | 0 |
3 | Characters allowed between slashes | hackvertor | 4/8/2024 | JS | 0 |
25 | Characters allowed before optional chaining | hackvertor | 5/4/2024 | JS | 0 |
| HTML elements that parse differently when rendered | hackvertor | 4/19/2024 | XSS | 1 |
| Entities allowed after slashes on a protocol relative URL | hackvertor | 7/6/2024 | JS | 0 |
| Characters that act as quotes or whitespace | hackvertor | 4/13/2024 | HTML | 0 |
25 25 | Characters allowed after optional chaining | hackvertor | 5/4/2024 | JS | 1 |
| Entities allowed between function call and number | hackvertor | 7/2/2024 | XSS | 0 |
| Entities allowed as JS variables | hackvertor | 7/2/2024 | XSS | 1 |
7 7 | Fuzzing weird script behaviour after script text | hackvertor | 7/18/2024 | XSS | 0 |
| Differences between escape vs encodeURIComponent | hackvertor | 10/15/2024 | JS | 0 |
| Characters that cause exceptions when URL encoded | hackvertor | 10/3/2024 | JS | 2 |
| Tags that remove the span or are self closing | hackvertor | 7/16/2024 | XSS | 0 |
| Characters that act like new line or single line comment | hackvertor | 4/13/2024 | JS | 0 |
| Consuming tags | hackvertor | 4/8/2024 | HTML | 1 |
| Characters allowed as a class separator | hackvertor | 4/13/2024 | XSS | 0 |
| Characters that act as attribute quotes copy | freddyb | 5/31/2024 | XSS | 0 |