DOMXSS Scanner is an online tool to scan source code for DOM based XSS vulnerabilities
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
static removed media queries Feb 17, 2016
templates embed video playlist with iframe Feb 17, 2016
tests fixed encoding problems Nov 28, 2011
.gitignore - changed CSS Feb 11, 2011 added basic install instructions Feb 17, 2016
app.yaml file modes Feb 12, 2013 fixed encoding problems Nov 28, 2011 file modes Feb 12, 2013

DOM XSS Scanner is an online tool that facilitates code review of web pages and JavaScript code for potential DOM based XSS security vulnerabilities.

Sample Results Page

Sample Results Page

Check your Web page

Learn more about the tool on the project's about page.


Clone this repository and download the Google App Engine SDK for Python. Extract the SDK archive and add aliases for the dev server and update programs, for example:

alias gae_pyserver='python PATH_TO_SDK/google_appengine/'
alias gae_update='python PATH_TO_SDK/google_appengine/ update'

Then start the dev server in the domxssscanner directory with the command:

gae_pyserver .

You can then access the application at http://localhost:8080/.