Skip to content
HTML5 Security Cheatsheet converted to plain text file
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.


If you are a pentester, you surely know excellent HTML5 Security Cheatsheet. Most of attack vectors publishd there make perfect test cases for a pentest. However the site is generated on flight using JavaScript from XML files stored at HTML5 Security, so you can't use them directly. This HTML contains JavaScript that takes these XML files and outputs a plaintext list of vectors, one in a line, that can be used in tools like BurpSuite.

Sample output is also attached in jso.txt file. Note that the JSO website is updated with new vectors so you should regenerate the text file from time to time.

Something went wrong with that request. Please try again.