Difference between revisions of "OWASP Periodic Table of Vulnerabilities - Cross-Site Scripting (XSS) - DOM-Based"

From OWASP
Line 5: Line 5:
 
== Root Cause Summary ==
 
== Root Cause Summary ==
 
   
 
   
The root cause of DOM based XSS is allowing the DOM on the victim’s browser (client-side scripts such as JavaScript) to be manipulated or modified enabling an attacker to run JavaScript in the victim's browser. This differs from traditional cross-site scripting which occurs on the server-side code.
+
Client-side code (e.g. JavaScript) inserts attacker-controlled data into the DOM in a way that allows the data to be executed as functional code. Examples include using document.write, which can introduce SCRIPT nodes directly, and modifying innerHTML or other element attributes that can cause SCRIPT nodes to be generated or function definitions to be overwritten. DOM-Based XSS differs from other forms of cross-site scripting which are the result of vulnerable server-side code.
  
 
== Browser / Standards Solution ==
 
== Browser / Standards Solution ==
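Review bot: the new summary names the sinks (document.write, innerHTML and other DOM element attributes) but drops the old text's explicit statement of impact, that the attacker gets to run JavaScript in the victim's browser, and still does not say where the attacker-controlled data enters the client-side code; consider keeping a clause such as "enabling an attacker to run JavaScript in the victim's browser" and naming the entry point of the data into the script, so the reader sees both ends of the flow.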
Line 29: Line 29:
 
== Discussion / Controversy ==  
 
== Discussion / Controversy ==  
  
DOM-Based Cross-Site Scripting 9XSS) is Sometimes referred to as “Type-0 XSS”.
+
DOM-Based Cross-Site Scripting is Sometimes referred to as “Type-0 XSS”.
  
 
== References ==  
 
== References ==  
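Review bot: the garbled "9XSS)" is deleted rather than corrected to "(XSS)", so the abbreviation disappears from the sentence, and "Sometimes" remains capitalized mid-sentence; suggest "DOM-Based Cross-Site Scripting (XSS) is sometimes referred to as “Type-0 XSS”."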

Revision as of 03:03, 21 July 2013


Cross-Site Scripting (XSS) - DOM-Based

Root Cause Summary

Client-side code (e.g. JavaScript) inserts attacker-controlled data into the DOM in a way that allows the data to be executed as functional code. Examples include using document.write, which can introduce SCRIPT nodes directly, and modifying innerHTML or other element attributes that can cause SCRIPT nodes to be generated or function definitions to be overwritten. DOM-Based XSS differs from other forms of cross-site scripting which are the result of vulnerable server-side code.

Browser / Standards Solution

None

Perimeter Solution

None

Generic Framework Solution

"Web 2.0" frameworks must expose an API for page creation/modification that does not use document.write/document.writeln or allow dynamic data to be injected into innerHTML or similar DOM element attributes.
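The following is an added example, not code from the OWASP page or any framework it refers to. It illustrates both the Root Cause Summary above (untrusted data concatenated into innerHTML) and the Generic Framework Solution (a page-building API that only ever turns dynamic data into text nodes), and adds a small review aid that flags the sinks named on this page in framework source. Because it has to run outside a browser, it carries a deliberately tiny stand-in for the DOM (FakeNode, fakeDocument); in a browser you would pass the real document instead. All function names, the sample source and the payload string are constructed for the example. One caveat worth knowing when reading the page's wording: a browser does not execute a <script> element inserted through innerHTML, but it does honour event-handler attributes such as onerror inserted the same way, which is why the constructed payload uses one.

```javascript
// Added example (not from the OWASP page). Tiny DOM stand-in so this runs under
// Node.js; in a browser, pass the real `document` to the render functions.
const ESCAPE = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ESCAPE[c]);
}

class FakeNode {
  constructor(tagName, text) {
    this.tagName = tagName;   // null for text nodes
    this.text = text || "";
    this.children = [];
    this.rawHtml = null;      // set when innerHTML is assigned (markup kept verbatim)
  }
  appendChild(child) { this.children.push(child); return child; }
  set textContent(v) { this.children = [new FakeNode(null, String(v))]; this.rawHtml = null; }
  set innerHTML(html) { this.rawHtml = String(html); this.children = []; }
  get outerHTML() {
    // Text nodes serialize escaped, exactly as a browser would re-serialize them.
    if (this.tagName === null) return escapeHtml(this.text);
    const inner = this.rawHtml !== null
      ? this.rawHtml
      : this.children.map((c) => c.outerHTML).join("");
    return `<${this.tagName}>${inner}</${this.tagName}>`;
  }
}
const fakeDocument = {
  createElement: (tag) => new FakeNode(tag.toLowerCase()),
  createTextNode: (text) => new FakeNode(null, text),
};

// Vulnerable pattern described on the page: attacker-controlled data is
// concatenated into markup and assigned to innerHTML, so it is parsed as HTML.
function renderGreetingUnsafe(doc, container, name) {
  container.innerHTML = "<p>Hello, " + name + "</p>";
  return container.outerHTML;
}

// Hardened pattern (what a framework API should offer): nodes are built with
// createElement/createTextNode, so the data can only ever become text.
function renderGreetingSafe(doc, container, name) {
  const p = doc.createElement("p");
  p.appendChild(doc.createTextNode("Hello, " + name));
  container.appendChild(p);
  return container.outerHTML;
}

// Review aid: flag the sinks the page names (document.write/writeln, innerHTML,
// outerHTML assignments) in framework source so they can be replaced.
// Comparisons such as `el.innerHTML === ""` are deliberately not reported.
const SINK_PATTERNS = [
  { sink: "document.write", re: /\bdocument\.write(ln)?\s*\(/ },
  { sink: "innerHTML", re: /\.innerHTML\s*\+?=(?!=)/ },
  { sink: "outerHTML", re: /\.outerHTML\s*\+?=(?!=)/ },
];
function findDomXssSinks(source) {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    for (const { sink, re } of SINK_PATTERNS) {
      if (re.test(line)) findings.push({ line: i + 1, sink, code: line.trim() });
    }
  });
  return findings;
}

// Constructed sample of framework source for the sink scan (not real code).
const SAMPLE_SOURCE = [
  "function show(msg) {",
  "  document.write('<div>' + msg + '</div>');",
  "  el.innerHTML += msg;",
  "  if (el.innerHTML === '') { return; }",
  "  el.textContent = msg;",
  "}",
].join("\n");

function demo(doc) {
  // Constructed payload: an event-handler attribute, which innerHTML does honour.
  const payload = '<img src=x onerror="alert(1)">';
  const unsafe = renderGreetingUnsafe(doc, doc.createElement("div"), payload);
  const safe = renderGreetingSafe(doc, doc.createElement("div"), payload);
  return { unsafe, safe, findings: findDomXssSinks(SAMPLE_SOURCE) };
}

if (typeof document === "undefined") {
  console.log(JSON.stringify(demo(fakeDocument), null, 2));
}
```

Running it under Node.js prints the unsafe rendering with the <img> element intact inside the <p>, the safe rendering with the same input reduced to escaped text, and two findings from the sink scan (document.write on line 2, innerHTML on line 3). The design point is the one the page makes: a framework that exposes only the node-building API (createElement, createTextNode, textContent) leaves no place for dynamic data to be parsed as markup, so the question of escaping never arises in application code.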

Custom Framework Solution

None

Custom Code Solution

None

Discussion / Controversy

DOM-Based Cross-Site Scripting is sometimes referred to as “Type-0 XSS”.

References

OWASP - DOM Based XSS

DOM-based XSS

WASC - DOM Based Cross Site Scripting or XSS of the Third Kind

DOM based Cross-site Scripting vulnerabilities