by guypod 3296 days ago
You're right, I tried to keep this section as brief as I could. DOM Based XSS could happen from any source, but the hardest-to-detect (and very common) variant is using the fragment (the part after the #) to inject the payload, which is never sent to the user.
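Added example, not part of the original comment: a Node.js sketch of why the fragment variant is hard to detect from the server side, with a vulnerable HTML-building sink next to an escaped one. The URL, the `name` parameter and all function names are constructed for illustration.

```javascript
// Constructed sample URL; the markup in the fragment is a harmless marker.
const SAMPLE = "https://app.example/welcome?lang=en#name=<b>injected</b>";

// What the browser puts on the wire: path and query only. The fragment is
// dropped before the request is made, so access logs, proxies and WAFs
// have nothing to inspect.
function requestLine(href) {
  const u = new URL(href);
  return `GET ${u.pathname}${u.search} HTTP/1.1`;
}

// What client-side script reads back (the equivalent of location.hash).
function nameFromFragment(href) {
  const params = new URLSearchParams(new URL(href).hash.slice(1));
  return params.get("name") || "";
}

// Vulnerable pattern: attacker-controlled text concatenated into markup
// that would then be assigned to innerHTML or passed to document.write.
function greetingUnsafe(name) {
  return "<p>Hello, " + name + "</p>";
}

// Hardened pattern: HTML-escape before building markup. In a browser,
// assigning the value to element.textContent has the same effect.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

function greetingSafe(name) {
  return "<p>Hello, " + escapeHtml(name) + "</p>";
}

const name = nameFromFragment(SAMPLE);
console.log(requestLine(SAMPLE));   // no trace of the fragment
console.log(greetingUnsafe(name));  // marker survives as live markup
console.log(greetingSafe(name));    // marker rendered as inert text
```

Because the request line never contains the fragment, detection has to happen in the client: code review or static analysis of the sinks, or a Content Security Policy that limits what injected markup can do.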