Toggle navigation
DomStorm
Search
Create Module
Modules
All Modules
Helper Modules
Top Modules
Docs
Creating Test Harness Module
Creating a Enumeration Module
ECMAScript 5.1
Document Object Model
Mozilla Developer Network Docs
XMLHttpRequest
CORS
HTTP / 1.1 - RFC 2616
Browser Security Handbook
HTTP State Management Mechanism
GitHub
Login
@skeptic_fx
Ahamed Nafeez
Modules Created
Location hash (aka. fragment) spills into data URI content
testing no-op
Number Properties exposed by the Window Object?
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
Can Do Not Track be bypassed using XHR ?
HTTP Methods Supported by XHR
Properties of LocalStorage
TestHarness: Using Assertions in DomStorm
List of properties that doesn't need parenthesis
Direct references to Window objects
Element Node Setters
Location unforgeable - Test Harness
Can Cookie Setter be Hooked?
TestHarness: Allowed Request Headers by XHR
Knockout JS libraries vulnerable to data-bind injection
List of constructors that refer to window w/o parenthesis
Check document.domain
jQuery UI .dialog() closeText property DOM XSS Sink.
Attribute Separators
Does Iframe sandbox execute script inside child iframe?
AngularJS Sandbox Bypasses
Getters & Setters for Element.prototype
Document Setters
Configurability of Location Properties
Other Favorite Modules
Location hash (aka. fragment) spills into data URI content - By @skeptic_fx
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') - By @undefined
Hooking Storage Objects - By @undefined
Number Properties exposed by the Window Object? - By @skeptic_fx
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. - By @skeptic_fx
Can Do Not Track be bypassed using XHR ? - By @skeptic_fx
HTTP Methods Supported by XHR - By @skeptic_fx
Properties of LocalStorage - By @skeptic_fx
TestHarness: Using Assertions in DomStorm - By @skeptic_fx
TestHarness: XMLHttpRequest: setRequestHeader() name argument checks - By @ashishc9211
List of properties that doesn't need parenthesis - By @skeptic_fx
Direct references to Window objects - By @skeptic_fx
Element Node Setters - By @skeptic_fx
XSS vectors without user interaction - By @Psych0tr1a
Can Navigator.UserAgent Be Spoofed? - By @undefined
Knockout JS libraries vulnerable to data-bind injection - By @skeptic_fx
List of constructors that refer to window w/o parenthesis - By @skeptic_fx
Check document.domain - By @undefined
Allowed Request Headers by XHR - By @undefined
jQuery UI .dialog() closeText property DOM XSS Sink. - By @skeptic_fx
Attribute Separators - By @skeptic_fx
Does Iframe sandbox execute script inside child iframe? - By @skeptic_fx
jQuery-UI XSS via .dialog() method - By @Psych0tr1a
AngularJS Sandbox Bypasses - By @skeptic_fx
jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector] - By @Psych0tr1a
Getters & Setters for Element.prototype - By @skeptic_fx
Configurability of Location Properties - By @skeptic_fx