Toggle navigation
DomStorm
Search
Create Module
Modules
All Modules
Helper Modules
Top Modules
Docs
Creating Test Harness Module
Creating a Enumeration Module
ECMAScript 5.1
Document Object Model
Mozilla Developer Network Docs
XMLHttpRequest
CORS
HTTP / 1.1 - RFC 2616
Browser Security Handbook
HTTP State Management Mechanism
GitHub
Login
Modules
Location hash (aka. fragment) spills into data URI content
testing no-op
Geolocation Spoof
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Hooking Storage Objects
Number Properties exposed by the Window Object?
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
Can Do Not Track be bypassed using XHR ?
HTTP Methods Supported by XHR
Properties of LocalStorage
TestHarness: Using Assertions in DomStorm
TestHarness: XMLHttpRequest: setRequestHeader() name argument checks
List of properties that doesn't need parenthesis
Direct references to Window objects
Element Node Setters
Location unforgeable - Test Harness
Can Cookie Setter be Hooked?
XSS vectors without user interaction
List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/)
2132
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Test XSS for jQuery
jQuery-UI XSS via .dialog() method's "closeText" argument
jQuery-UI XSS via .dialog() method's "title" argument [CVE-2010-5312]
Can Navigator.UserAgent Be Spoofed?
Knockout JS libraries vulnerable to data-bind injection
List of constructors that refer to window w/o parenthesis
Check document.domain
Allowed Request Headers by XHR
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Geolocation Overriding
Check document.domain
jQuery UI .dialog() closeText property DOM XSS Sink.
Jquery attribute equals selector + location.hash.slice(1)
jquery 1.8.1
Jquery ID selector + location.hash
Jquery class selector + hash.slice(1)
Attribute Separators
Does Iframe sandbox execute script inside child iframe?
s
chuang yu dun
Test
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
123
123
jQuery-UI XSS via .dialog() method
jQuery Migrate DOM XSS $("#<XSS>") [id selector]
AngularJS Sandbox Bypasses
extended test for jquery selector xss
jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector]
Jquery ID selector + location.hash.slice(1)
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Getters & Setters for Element.prototype
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
jQuery Selectors Vulnerable to XSS
https://passport.informatica.com/js/jquery.js
https://passport.informatica.com/js/jquery.js
Document Setters
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Configurability of Location Properties
Testing jQuery 3.1
123
Updated jquery XSS attack
jQuery-UI XSS via .dialog() method's "closeText" argument (short version)
TestHarness: Allowed Request Headers by XHR
chuang yu dun
jQuery Migrate DOM XSS $(".<XSS>") [Class selector]