Modules

Location hash (aka. fragment) spills into data URI content testing no-op Geolocation Spoof jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Hooking Storage Objects Number Properties exposed by the Window Object? jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. Can Do Not Track be bypassed using XHR ? HTTP Methods Supported by XHR Properties of LocalStorage TestHarness: Using Assertions in DomStorm TestHarness: XMLHttpRequest: setRequestHeader() name argument checks List of properties that doesn't need parenthesis Direct references to Window objects Element Node Setters Location unforgeable - Test Harness Can Cookie Setter be Hooked? XSS vectors without user interaction List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/) 2132 TestHarness: Allowed Request Headers by XHR jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Test XSS for jQuery jQuery-UI XSS via .dialog() method's "closeText" argument jQuery-UI XSS via .dialog() method's "title" argument [CVE-2010-5312] Can Navigator.UserAgent Be Spoofed? Knockout JS libraries vulnerable to data-bind injection List of constructors that refer to window w/o parenthesis Check document.domain Allowed Request Headers by XHR jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Geolocation Overriding Check document.domain jQuery UI .dialog() closeText property DOM XSS Sink. Jquery attribute equals selector + location.hash.slice(1) jquery 1.8.1 Jquery ID selector + location.hash Jquery class selector + hash.slice(1) Attribute Separators Does Iframe sandbox execute script inside child iframe? s chuang yu dun chuang yu dun Test jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. 123 123 jQuery-UI XSS via .dialog() method jQuery Migrate DOM XSS $("#<XSS>") [id selector] AngularJS Sandbox Bypasses jQuery Migrate DOM XSS $(".<XSS>") [Class selector] extended test for jquery selector xss jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector] Jquery ID selector + location.hash.slice(1) jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Getters & Setters for Element.prototype jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') jQuery Selectors Vulnerable to XSS https://passport.informatica.com/js/jquery.js https://passport.informatica.com/js/jquery.js Document Setters jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Configurability of Location Properties Testing jQuery 3.1 123 Updated jquery XSS attack jQuery-UI XSS via .dialog() method's "closeText" argument (short version)