{"id":13530047,"url":"https://github.com/cure53/H5SC","last_synced_at":"2025-04-01T17:31:46.750Z","repository":{"id":15472525,"uuid":"18205926","full_name":"cure53/H5SC","owner":"cure53","description":"HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors","archived":false,"fork":false,"pushed_at":"2022-02-23T16:46:20.000Z","size":5970,"stargazers_count":2873,"open_issues_count":2,"forks_count":420,"subscribers_count":151,"default_branch":"main","last_synced_at":"2025-03-31T01:07:48.911Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"https://html5sec.org/","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cure53.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-03-28T08:42:32.000Z","updated_at":"2025-03-24T15:14:54.000Z","dependencies_parsed_at":"2022-07-20T21:32:20.915Z","dependency_job_id":null,"html_url":"https://github.com/cure53/H5SC","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FH5SC","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FH5SC/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FH5SC/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cure53%2FH5SC/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cure53","download_url":"https://codeload.github.com/cure53/H5SC/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":24668035
1,"owners_count":20816682,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T07:00:42.560Z","updated_at":"2025-04-01T17:31:46.723Z","avatar_url":"https://github.com/cure53.png","language":"JavaScript","readme":"HTML5 Security Cheatsheet\n====\n\nThis is the new home of the H5SC or HTML5 Security Cheatsheet. Here you will find three things:\n\n * A collection of HTML5 related XSS attack vectors\n * A set of useful files for XSS testing\n * A set of formerly hidden features useful for XSS testing\n\n## The XSS Vectors\n\nThe collection of XSS vectors can be found here: https://html5sec.org/\n\n## Useful Files\n\nWe published a list of files useful for XSS testing in various situations. 
Currently the following files are available:\n\n * https://html5sec.org/test.asf\n * https://html5sec.org/test.avi\n * https://html5sec.org/test.css\n * https://html5sec.org/test.dtd\n * https://html5sec.org/test.eml\n * https://html5sec.org/test.evt\n * https://html5sec.org/test.gif\n * https://html5sec.org/test.hlp\n * https://html5sec.org/test.hta\n * https://html5sec.org/test.htc\n * https://html5sec.org/test.html\n * https://html5sec.org/test.jar\n * https://html5sec.org/test.js\n * https://html5sec.org/test.json\n * https://html5sec.org/test.mpeg\n * https://html5sec.org/test.pdf\n * https://html5sec.org/test.sct\n * https://html5sec.org/test.svg\n * https://html5sec.org/test.swf\n * https://html5sec.org/test.vbs\n * https://html5sec.org/test.vml\n * https://html5sec.org/test.wbxml\n * https://html5sec.org/test.xbl\n * https://html5sec.org/test.xdr\n * https://html5sec.org/test.xml\n * https://html5sec.org/test.xsl\n * https://html5sec.org/test.xxe\n * https://html5sec.org/test.zip\n * https://html5sec.org/Test.class\n\nPull requests welcome; we store the files in the `/attachments` sub-folder.\n\n## Hidden Features\n\nThe H5SC currently has three \"hidden\" features:\n\n * An RSS mode to test feed readers: https://html5sec.org/rss\n  * `/rss/+/` gives a Unix timestamp 300 seconds in the future (for ease of use)\n  * `/rss/+123/` gives a Unix timestamp 123 seconds in the future\n  * `/rss/1234/` will serve a minimal RSS feed until Unix time is 1234. \n * A JavaScript function to return all vectors as a string, isolated and numbered: Go [here](https://html5sec.org/) and execute `vectors()`\n * All H5SC vectors in [one text file](https://raw.githubusercontent.com/cure53/H5SC/master/vectors.txt) for easy copy \u0026 paste\n * A useful search API via GET\n  * Want all vectors related to `innerHTML`? Open https://html5sec.org/?innerHTML\n  * Want to link a specific vector? 
Open https://html5sec.org/#123\n * A redirect API resolving to a URL containing XSS payload\n  *  Data URI, no special status: https://html5sec.org/r/data/\n  *  Data URI, status code `307`: https://html5sec.org/r/data/307\n  *  JavaScript URI, status code `301`: https://html5sec.org/r/javascript/301\n  *  Supported status codes are: `301`, `302`, `303`, `307`, `308`, `999`\n  *  Supported schemes are: `data`, `javascript`, `jar`, `script` (redirecting to https://html5sec.org/%3cscript\u003ealert(1)%3c/script\u003e/)\n * More to come soon!\n \n","funding_links":[],"categories":["JavaScript","Introduction","Resources","Security"],"sub_categories":["XSS - Cross-Site Scripting","XSS"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcure53%2FH5SC","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcure53%2FH5SC","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcure53%2FH5SC/lists"}