Questions tagged [dom]

53 questions

votes

1 answer

Is Dom based XSS still a valid security concern in modern browsers?

I am trying to understand how DOM based XSS work, e.g. from this post, I managed to reproduce it in IE11, but e.g. Chrome and Firefox are immune at least against this exact example. What happens is that document.baseURI and similar objects do return…

web-browser xss dom

asked Oct 20 '19 at 17:42

Ilya Chernomordik

2,197
1
21
36

votes

2 answers

How can document.referrer be used for XSS?

A very simple example...

or I've tried simply sending the request and adding a referrer…

xss javascript dom

asked Aug 27 '14 at 06:10

Michael Blake

votes

1 answer

In what situations can element.setAttribute allow XSS?

Burp has identified a potential DOM XSS vulnerability: The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.href and passed to the 'setAttribute()' function of a DOM element In this example, the…

xss dom burp-suite

asked Oct 14 '16 at 09:30

paj28

32,736
8
92
130

votes

1 answer

XSS with escaped equal sign inside jQuery selector

Web-site uses jQuery 1.8.3 which has known XSS vulnerability in selector. (https://snyk.io/vuln/npm:jquery:20120206). It passes filtered and urldecoded document.location.hash (val2 below) value inside…

xss dom jquery

asked Jan 11 '19 at 13:18

Alex Velickiy

votes

2 answers

How is DOM XSS possible here?

I was looking at this website and trying to understand how this XSS is possible, but I just can't figure it out. Here's the URL: http://www.domxss.com/domxss/01_Basics/05_jquery_html.html?681973661

xss dom

asked Dec 26 '13 at 03:58

Michael Blake

votes

1 answer

Safe to render data directly to DOM from localStorage? XSS attack possible?

I read that localstorage is susceptible to XSS attacks. I currently store JSON Web Token (JWT) in localstorage, and I access and display data about the user through localstorage: var localstore = // localStorage object // On user login, server…

xss javascript html dom local-storage

asked May 10 '15 at 22:04

rublex

votes

1 answer

DOM based XSS inside src attribute

I have the following JavaScript code: var url= document.location.href; document.write("

"); I am able to inject code when I append e.g. ?b=a'onX=alert(1);' to the URL, but this only works in browsers where…

xss javascript dom

asked Nov 22 '16 at 01:33

Noahnder

votes

2 answers

Is this codes usage of document.location.toString() a DOM based XSS vulnerability?

I have come across the following JS code in multiple web applications. I think the reason for the popularity of this code snippet is this accepted answer on SO. Developers seem to be using this code a lot of switching menu tabs: var url =…

xss javascript dom jquery

asked May 24 '16 at 18:33

Rahil Arora

4,259
2
23
41

votes

2 answers

Limiting latter dom-based XSS when setting document.title

Given some JavaScript which modifies the page's title by taking in variable data document.title = someVariable I am looking to address dom based XSS while keeping the title fairly readable. Therefore, doing something like escape() or encodeURI()…

xss javascript dom

asked Feb 20 '15 at 04:39

Eric G

9,691
4
31
58

votes

2 answers

Exploiting XSS with window.name without iFrame

I know XSS is possible if the window.name is echoed onto the page, but from my understanding, this requires you to use an iFrame, but what if the page has clickjacking protection, stopping the page from being embedded in an iFrame? Is such an attack…

xss dom

asked Aug 08 '14 at 10:02

Michael Blake

votes

0 answers

Is it safe to use DOMParser to parse client side XML files?

Some JavaScript frameworks or libraries use the DOMParser API to parse XML files from the client. Is it safe to do this? Malicious code can easily be embedded into the XML file (in either the definition of nodes or their attributes). Does DOMParser…

javascript dom

asked May 19 '16 at 17:22

Wilt

votes

1 answer

Dom based Xss Query - location.hash

I was just looking at Dom based xss and wondering if hash value is written to a variable in javascript context can lead to Cross site scripting. The code looks something like this: Is the above…

xss javascript dom url

asked Jun 22 '15 at 04:39

Sanchit Sharma

votes

1 answer

Can location.pathname lead to XSS?

I think that example would work, but anyway, if location.pathname has to be a valid page, can this be exploited? Edit: I'm mainly talking about if the user can't make up…

xss javascript dom

asked Aug 18 '14 at 09:15

Michael Blake

votes

1 answer

Security risks with setDomStorageEnabled(true) in Android?

What are the security risks associated with enabling setDomStorageEnabled(true) method? Reference.

javascript android dom

asked Jun 08 '16 at 08:58

bhartay

votes

1 answer

DAST Output in Burp and Understanding It

I have recently upgraded to the newest version of Burp which includes the new DAST tools. I am receiving reports from the tool that it has found DOM-Based Javascript Injection, but I am having troubles digesting the output: Data is read from…

javascript injection burp-suite dom

asked Oct 29 '18 at 17:16

NewDev

2 3 4 Next