Indirect sources

(TBA)

Storage Object

HTML 5 Storage objects [ 1, 2, 3 ] can be considered an indirect source, since they can be used to store values from direct sources and use them later insecurely.

Indirect source objects are:

localStorage
sessionStorage
IndexedDB (mozIndexedDB, webkitIndexedDB, msIndexedDB)
Database (Safari Only)

Server Response Sources

Previously server side stored data could be used by an attacker to send untrusted input to JavaScript.

(TBF)

.

Home
Sources
Sinks
- Direct Execution Sinks
- Set Object Sinks
- HTML Manipulation Sinks
- Style Sinks
  - CSSText Sink
- XMLHttpRequest Sink
- Set Cookie Sink
- Set Location Sink
- Control Flow Sink
- [Use of Equality And Strict Equality](Use of Equality And Strict Equality)
- Math.random Sink
- JSON Sink
- XML Sink
- [Common JavaScript libraries](Common JavaScript libraries)
  - jQuery sinks
String Manipulation Methods
Local DOMXSS
Finding DOMXSS
Object Shadowing
Filters
Glossary
References

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Indirect sources

Storage Object

Server Response Sources

Clone this wiki locally