HTML5 Security Cheatsheet

Vectors making use of HTML5 features. Vectors working on HTML4 and older versions. Cascading stylesheet injection-based vectors. Plain JavaScript vectors. E4X vectors working on Gecko-based browsers. Vectors attacking DOM properties and methods. JSON-based vectors. Vectors embedded in SVG files. Vectors related to X(HT)ML. UTF-7 and other exotic charset-based vectors. Client-side denial-of-service vectors. HTML behavior and binding vectors. Clickjacking and UI redressing vectors.