Modern web applications often require communication between multiple browsing contexts — windows, iframes, tabs, popups, or even workers.
The browser provides several APIs for this, each suited for different scenarios.
Purpose: Quick reference for headers that can override or indicate original request URL/path/host/proto. Useful for VAPT, debugging reverse proxies, and hardening.
- X-Original-URL — original path before rewrite (IIS, some middlewares)
- X-Rewrite-URL — original path used by IIS/mod_rewrite
This document provides a high-level overview of major XML technologies. It's designed for developers who need a quick refresher on core concepts, common quirks, and practical examples.
The foundation. A markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable.
A reference of quirks, behaviors, and security-relevant properties in HTML5 + SVG, useful for penetration testing, payload crafting, and filter bypass research.
HTML Elements Parsing quirks - link mXSS CheatSheet
- The <animate> element in SVG is used to animate attributes of another SVG element.
- Host element = the element whose attribute is being animated.
- If <animate> has no href, the parent element becomes the host.
- If <animate href="#id"> is present, the host = the element with that ID.
- If
JavaScript can technically be written using only Unicode escape sequences or Unicode homoglyphs. This makes code valid to the JS engine but unreadable or misleading to humans. It is often used in obfuscation, XSS payloads, or supply chain attacks.