begood Posted April 26, 2010 Report Posted April 26, 2010 This project is an attempt to create a well maintained, informative and categorized cheat sheet to highlight HTML5 security issues and ways to avoid them. The project is meant to target web developers as well as security researchers and especially browser vendors since many of the problems we found are based on faulty or quirky implementations. Focus is on completeness, comprehensibility and timeliness as well as continuity - benefits many other related cheat sheets don't exactly provide. The core will be a frequently updated JSON file which you can download, mirror, host, fork, modify for own special purposes. We will also provide an eye-friendly HTML5 (haha) version of the cheat sheet showing the vectors and the detailed descriptions as well as providing click-to-see examples and more. X ...will be stored in JSON like this (storage format specs are not done yet): { id:1, type:2, name:'XSS via onscroll', data: 'X', description: 'A small vector displaying the HTML5 form and formac ... the supported browsers.', browsers:{'Opera':['10.5']}, payload:{'pos_1':'javascript:alert(1)'}, tags:['xss', 'html5', 'ff', 'gc'] } ...and finally displayed nicely on a HTML5 page using the JSON data. The main goal of the project is to be as open as possible. You have a new vector or issue to add? Just post a ticket and we will take care of it. You want to contribute to the JSON or other parts of the code base? Drop us a line and we will most probably add you as a committer. html5security - Project Hosting on Google Code Cei mai interesati de proiect, check this.//wtf is wrong with the the forum ? brb Quote