Home
The DOMXSS Wiki is a knowledge base for defining sources of attacker-controlled input and sinks that could potentially introduce DOM-based XSS issues. DOMXSS was first thoroughly documented in a paper by Amit Klein in 2005 and has risen in relevance over the last years; nevertheless, it still lacks a central place for collecting information and knowledge about it.
The project aims to be this very place and to identify source and sink methods exposed by public, widely used JavaScript frameworks. The project is a work in progress and will be extended over time. Contributions are welcome.
Please use the sidebar menu to navigate contents.
This project is mainly maintained by Stefano Di Paola.
Warm thanks to the following active contributors:
- Mario Heiderich
- Frederik Braun
- Giuseppe Trotta
This project is sponsored by: http://www.mindedsecurity.com
- Home
- Sources
- Sinks
  - Direct Execution Sinks
  - Set Object Sinks
  - HTML Manipulation Sinks
  - Style Sinks
  - XMLHttpRequest Sink
  - Set Cookie Sink
  - Set Location Sink
  - Control Flow Sink
  - Use of Equality And Strict Equality
  - Math.random Sink
  - JSON Sink
  - XML Sink
- Common JavaScript libraries
- String Manipulation Methods
- Local DOMXSS
- Finding DOMXSS
- Object Shadowing
- Filters
- Glossary
- References