DOMPurify. DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
17kH5SC. HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
2.9kHTTPLeaks. HTTPLeaks - All possible ways, a website can leak HTTP requests
2.1kXSSChallengeWiki. Welcome to the XSS Challenge Wiki!
1.6kContracts. A small collection of potentially useful contract templates
435browser-sec-whitepaper. Cure53 Browser Security White Paper
300Flashbang. Project "Flashbang" - An open-source Flash-security helper
205Publications. A whole bunch of public pentest reports & papers
90jPurify. jPurify
65public-pentesting-reports. Curated list of public penetration testing reports released by several consulting firms
48mustache-security. Automatically exported from code.google.com/p/mustache-security
23DOMFortify. DOMFortify turns on Trusted Types for a page and quietly takes over the browser's default policy, so that old, vulnerable HTML sinks get auto-sanitized before bad markup ever hits the DOM.
20PastePurify. This is a tiny Chrome Extension that protects your from Clipboard XSS Attacks
19jsdelivr. A free Open Source CDN for webmasters and developers
5marked. A markdown parser and compiler. Built for speed.
5hashes. PHP hash "collisions"
4DefinitelyTyped. The repository for high quality TypeScript type definitions.
4crev-proofs. Crev proof repository
2roundcubemail. The Roundcube Webmail suite
2AppSecEurope2017.
1MOSS-Directory. A listing of people and projects involved in the Mozilla Open Source Support (MOSS) program
1