
HTML5 Security Spreadsheet - arcatek
https://github.com/cure53/H5SC
======
chill1
I always find it very frustrating when I open up a GitHub repository such as
this, but I am left having to poke around the source itself totally lost
trying to figure out what I am supposed to do to use it.

You already spent a lot of your time doing something you felt was good enough
to share. Please spend a fraction of that time putting together a simple
step-by-step how-to for even the most basic use case.

Edit: Found a link in the Readme file to a useful page [1] of HTML5-specific
attack vectors and security advisories. Still not sure what I am supposed to
get out of the repository itself, though.

[1] [https://html5sec.org/](https://html5sec.org/)

~~~
imdsm
Exactly. Even with rawgithub.com, it doesn't properly work.

People need to use [http://pages.github.com/](http://pages.github.com/) more.

------
jqueryin
Anybody else find it hilarious that when you navigate to
[https://html5sec.org/](https://html5sec.org/) they have a series of 3 XSS
alert() attack vectors at work?

~~~
patrikj
At first I thought it was intentionally done for demonstration purposes, but
now I'm just confused about the site.

~~~
arcatek
The author is using rawgithub.com to serve JavaScript files, but it seems that
they serve 'erroneous' files when used too much.

It's actually kinda funny, they even go as far as redefining some JavaScript
variables such as Infinity[1].

[1] [https://github.com/kitcambridge/evil.js/](https://github.com/kitcambridge/evil.js/)

------
eplanit
Please fix title -- it is called a "Cheatsheet" in GitHub. I see no
spreadsheet anywhere. Thanks.

------
camus2
"This website abuses rawgithub.com. You should complain to its owner."

is what I get?

~~~
8ig8
Raw Github author discussed the abuse issue recently...

[https://medium.com/the-javascript-collection/9a61872c61cd](https://medium.com/the-javascript-collection/9a61872c61cd)

------
radio4fan
Cheatsheet, perhaps?

