OWASP Periodic Table of Vulnerabilities - Cross-Site Scripting (XSS) - DOM-Based
Cross-Site Scripting (XSS) - DOM-Based
Root Cause Summary
Browser / Standards Solution
Generic Framework Solution
"Web 2.0" frameworks must expose an API for page creation/modification that does not use document.write/ln or allow dynamic data to be injected into innerHTML or similar DOM element attributes.
Custom Framework Solution
Custom Code Solution
Discussion / Controversy
DOM-Based Cross-Site Scripting is Sometimes referred to as “Type-0 XSS”.