>>> DNS XSS through a proxy that forces Content-Type text/html. Used a TXT record as the payload.
>>> Invisible XSS payload crafting using Unicode zero-width characters as binary encoding.
>>> Leak arbitrary file contents via Python's ast.parse() filename parameter and traceback line context.
>>> Python jailbreak using _posixsubprocess to bypass the audit hook, with exit-code-based flag exfiltration.
>>> Exfiltrate data inside a closed shadow DOM using the deprecated -webkit-user-modify CSS property.
>>> Mako template injection
>>> SSTI using Mako and bypassing blacklist
