I know very well about the classic XSS vulnerabilities such as reflected & stored XSS. I have read a lot about DOM and DOM based XSS vulnerabilities. I came to an inference that there is nothing to do from the server side to prevent DOM based XSS since the attack vectors are never passed to the server side. Then how can we prevent these type of attacks?
Asked
Active
Viewed 1,894 times
0
-
1there are so many related questions that it would be impossible to link 'em all – The Illusive Man Sep 22 '14 at 11:06
-
I have edited the question after some research to avoid the duplication. – Anandu M Das Sep 22 '14 at 13:47
1 Answers
1
Definition taken from OWASP
DOM Based XSS (or as it is called in some texts, “type-0 XSS”) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
This is in contrast to other XSS attacks (stored or reflected), wherein the attack payload is placed in the response page (due to a server side flaw).
