I just made three quick changes to the XSS cheat sheet as pointed out by Andrey Bayora. It looks like I made three typos in the event handlers (it’s weird no one else noticed for the last year and a half - including me!) Here are the typos that I’ve corrected:
onRowDelete() should have been onRowsDelete()
onRowInserted() should have been onRowsInserted()
onSynchRestored() should have been onSyncRestored()
So if anyone wrote filters based on those exact strings they should probably update them to match what they really should be. I haven’t seen these used in any actual attacks, but I wouldn’t risk it. Thanks to Andrey!