RSnake, I didn’t even know this attack vector was in your cheat sheet and I have been through it loads of times – A table of contents might be cool.
Over the weekend I composed a simple AJAX applications to provide a better way of previewing all attack vectors from RSnake’s Cross-site scripting cheat sheet. RSnake has been working on it for quite long time and I really like what he has done so far.
I am planning to extend the attack database with some of my own findings, keeping the original database updated and intact. I am also working on some features that will allow user submissions so the community is able to provide some feedback as well.
Any comments and suggestions will be greatly appreciated. Currently XSSDB works in Firefox only. The application almost works in IE6 and IE7. There seams to be something wrong with Opera.