| Sign in

Dom Xss Test Cases Wiki Cheatsheet Project

Project Home Wiki

Search

Introduction
Sources

Sinks

Execution Sinks
Set Object Sinks
HTMLElement Sinks
Style Sinks

cssText Sink

XMLHttpRequest Sink
Set Cookie Sink
Set Location Sink
Control Flow Sink
Use of Equality And Strict Equality
Math.random Sink
JSON Sink
XML Sink
Common JavaScript libraries

jQuery

References

Updated Sep 17, 2010 by stefano....@gmail.com

References

[1] "DOM Based Cross Site Scripting or XSS of the Third Kind", A. Klein, 2005.

[2] "JavaScript Code Flow Manipulation, and a real world example advisory - Adobe Flex 3 Dom-Based XSS", O. Segal & A. Sharabani, A. Yogev, June 2008.

[3] Attacking_Rich_Internet_Applications, S. Di Paola & A. Kuza, 2008.

[4] Understanding Cookie Security , A. Kuza, February 22, 2008.

[5] Http Parameter Pollution , L. Carettoni S. Di Paola, 2009.

[6] W3C ClientSide Database

[7] W3C Web Storage

[8] Microsoft's Introduction to DOM Storage

► Sign in to add a comment

Powered by Google Project Hosting