DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
created at Feb. 17, 2014, 9:48 p.m.
HTML5 Security Cheatsheet - A collection of HTML5 related XSS attack vectors
created at March 28, 2014, 8:42 a.m.
HTTPLeaks - All possible ways, a website can leak HTTP requests
created at April 17, 2015, 2:48 p.m.