Skip to content
This repository


Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

HTML5 Security Cheatsheet converted to plain text file

branch: master

Fetching latest commit…


Cannot retrieve the latest commit at this time

Octocat-spinner-32 jso.txt
Octocat-spinner-32 jso2txt.html


If you are a pentester, you surely know excellent HTML5 Security Cheatsheet. Most of attack vectors publishd there make perfect test cases for a pentest. However the site is generated on flight using JavaScript from XML files stored at HTML5 Security, so you can't use them directly. This HTML contains JavaScript that takes these XML files and outputs a plaintext list of vectors, one in a line, that can be used in tools like BurpSuite.

Sample output is also attached in jso.txt file. Note that the JSO website is updated with new vectors so you should regenerate the text file from time to time.

Something went wrong with that request. Please try again.