Skip to content


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
HTML5 Security Cheatsheet converted to plain text file
branch: master
Failed to load latest commit information. Google Code URL
jso.txt newer version


If you are a pentester, you surely know excellent HTML5 Security Cheatsheet. Most of attack vectors publishd there make perfect test cases for a pentest. However the site is generated on flight using JavaScript from XML files stored at HTML5 Security, so you can't use them directly. This HTML contains JavaScript that takes these XML files and outputs a plaintext list of vectors, one in a line, that can be used in tools like BurpSuite.

Sample output is also attached in jso.txt file. Note that the JSO website is updated with new vectors so you should regenerate the text file from time to time.

Something went wrong with that request. Please try again.