Reputation: 10637
What is DOM-based XSS?
DOM-based XSS is so poorly documented. I already know what reflected and stored XSS are.
Upvotes: 5
Views: 5295
Answers (3)
Reputation: 382656
Here are good resources for it:
DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
Upvotes: 4
Reputation: 45568
See http://www.owasp.org/index.php/DOM_Based_XSS
Basically, it's an attack aganist client-side scripts that fetch data from GET strings, the url, the fragment identifier or something like that and put it into the page without escaping it.
Upvotes: 3
Related Questions
- What is a DOMString really?
- What is DOM element?
- What is DOM? (summary and importance)
- Are DOM based XSS attacks still possible in modern browsers?
- What is an "out of DOM" element?
- DOM based XSS is possible in this example?
- What exactly is "DOM-based XSS Attacks"?
- What is DOM generated code?
- DOM implementation in pure javascript?
- What does it mean by implementing a DOM