|
|
|
|
|
|
by thephyber
3296 days ago
|
|
|
> Lastly, “DOM-based XSS” attacks occur purely in the browser when client-side JavaScript echoes back a portion of the URL onto the page. This Google Doc has tracked almost all "sinks" and "sources" for DOM-based XSS[1]. They aren't by any means limited to the URL (usually accessed by the `document.location` object). [1] https://docs.google.com/spreadsheets/d/1Mnuqkbs9L-s3QpQtUrOk... |
|
|