

HTML5 Security Cheatsheet - lukasz
http://heideri.ch/jso/

======
devinj
What is this, a cheatsheet for creating an HTML5 blacklist? Why would you ever
do such a thing?

~~~
abyssknight
Or perhaps a [:white, :grey, :black].sort_by{rand}.first hat attack vector
list? Penetration testers love this stuff, as do I. At my job, I educate
developers by documenting things like this. It helps them be aware of what
crazy stuff is out there.

------
pornel
Almost all of them can be prevented by escaping < and ".

~~~
IgorPartola
But not all of these can: <http://ha.ckers.org/xss.html>. This is an older,
but much more complete list.
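
The point of the two comments above, as an added example that is not part of the thread: escaping handles HTML text and quoted attribute values, but a value placed in a URL attribute passes through escaping unchanged and needs a scheme allow-list as well. All function names and sample inputs are constructed for illustration.

```javascript
// Added example, not code from the thread; all names here are hypothetical.
const ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escaping only < and ", as the first comment suggests.
function escapeMinimal(value) {
  return String(value).replace(/[<"]/g, (ch) => ENTITIES[ch]);
}

// Fuller escaping for HTML text and quoted attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);

// Parse the way a browser does (the WHATWG parser drops tabs and newlines
// and trims leading spaces), then accept only allow-listed schemes.
function safeUrl(value, base = "https://example.invalid/") {
  let parsed;
  try {
    parsed = new URL(String(value), base);
  } catch (err) {
    return null; // unparseable input is rejected
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Build a link: validate the URL first, then escape for the attribute context.
function renderLink(href, label) {
  const url = safeUrl(href);
  if (url === null) return `<span>${escapeHtml(label)}</span>`;
  return `<a href="${escapeHtml(url)}">${escapeHtml(label)}</a>`;
}

// Constructed sample inputs.
const samples = [
  ["/docs?a=1&b=2", "Docs"],
  ["javascript:void(0)", 'a "quoted" <b>label'],
  [" java\tscript:void(0)", "whitespace in scheme"],
];
for (const [href, label] of samples) {
  console.log(JSON.stringify(escapeMinimal(href)), "->", renderLink(href, label));
}
```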

------
syaz1
Holy crap, that is indeed very useful.

