DOM-based XSS - The 3 Sinks - Brute XSS

The most common type of XSS (Cross-Site Scripting) is source-based. It means that injected JavaScript code comes from server side to execute in client side. But there’s another main type, the DOM-based one, where injected malicious input does not come from server via reflected or stored means: XSS is generated in client side by native … Continue reading DOM-based XSS – The 3 Sinks

How DOM Based XSS Attacks work

DOM-based XSS - The 3 Sinks - Brute XSS

Testing for DOM XSS with DOM Invader - PortSwigger

Cross-Site Scripting(XSS) attack – Local Security Blog

DOM xss Part 2, innerHTML, location.search, portswigger

What is Cross-Site Scripting (XSS)? How to Prevent and Fix It

Uncovering Attacks: Cross-site Scripting (XSS)

Understanding DOM-Based XSS: Sources and Sinks, by FATH3AD

DOM XSS: principles, exploitations, security best practices