Skip to content
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
JavaScript Other
Branch: master
Clone or download

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
attachments # removed some deprecated files Mar 28, 2014
html Added Imprint / DS Links Apr 15, 2018
lib Fix path name to payloads.js file Jan 9, 2018
r Minor fixed in .htaccess Apr 1, 2014
rss Forgot to delete link.html in last commit. Apr 3, 2014
.gitignore #Initial commit Mar 28, 2014
LICENSE
README.md Update README.md Apr 3, 2014
bower.json add support for npm and bower so folks can use the payload data progr… Mar 28, 2014
categories.js add support for npm and bower so folks can use the payload data progr… Mar 28, 2014
items.js Fix #14 Jan 3, 2020
package.json add support for npm and bower so folks can use the payload data progr… Mar 28, 2014
payloads.js Added #144 Aug 13, 2015
vectors.txt Added vectors.txt Apr 3, 2014

README.md

HTML5 Security Cheatsheet

This is the new home of the H5SC or HTML5 Security Cheatsheet. Here you will find three things:

  • A collection of HTML5 related XSS attack vectors
  • A set of useful files for XSS testing
  • A set of formerly hidden features useful for XSS testing

The XSS Vectors

The collection of XSS vectors can be found here: https://html5sec.org/

Useful Files

We published a list of files useful for XSS testing in various situations. Currently the following files are available:

Pull requests welcome, we store the files in the /attachments sub-folder.

Hidden Features

The H5SC currently has three "hidden" features

You can’t perform that action at this time.