-
Notifications
You must be signed in to change notification settings - Fork 69
References
Ohpe edited this page Jan 29, 2016
·
1 revision
- http://www.webappsec.org/projects/articles/071105.shtml "DOM Based Cross Site Scripting or XSS of the Third Kind", A. Klein, 2005.
- http://blog.watchfire.com/wfblog/2008/06/javascript-code.html "JavaScript Code Flow Manipulation, and a real world example advisory - Adobe Flex 3 Dom-Based XSS", O. Segal & A. Sharabani, A. Yogev, June 2008.
- http://www.ruxcon.org.au/files/2008/Attacking_Rich_Internet_Applications.pdf Attacking_Rich_Internet_Applications, S. Di Paola & A. Kuza, 2008.
- http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html Understanding Cookie Security , A. Kuza, February 22, 2008.
- http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf Http Parameter Pollution , L. Carettoni S. Di Paola, 2009.
- http://dev.w3.org/html5/webdatabase/ W3C ClientSide Database
- http://dev.w3.org/html5/webstorage W3C Web Storage
- http://msdn.microsoft.com/en-us/library/cc197062%28VS.85%29.aspx Microsoft's Introduction to DOM Storage
- Home
- Sources
-
Sinks
- Direct Execution Sinks
- Set Object Sinks
- HTML Manipulation Sinks
- Style Sinks
- XMLHttpRequest Sink
- Set Cookie Sink
- Set Location Sink
- Control Flow Sink
- [Use of Equality And Strict Equality](Use of Equality And Strict Equality)
- Math.random Sink
- JSON Sink
- XML Sink
- [Common JavaScript libraries](Common JavaScript libraries)
- String Manipulation Methods
- Local DOMXSS
- Finding DOMXSS
- Object Shadowing
- Filters
- Glossary
- References