Modules

Hooking Storage Objects jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. Properties of LocalStorage Knockout JS libraries vulnerable to data-bind injection testing no-op jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Element Node Setters Number Properties exposed by the Window Object? Direct references to Window objects Can Do Not Track be bypassed using XHR ? TestHarness: XMLHttpRequest: setRequestHeader() name argument checks Location unforgeable - Test Harness jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') List of constructors that refer to window w/o parenthesis Test XSS for jQuery jQuery-UI XSS via .dialog() method's "title" argument [CVE-2010-5312] Does Iframe sandbox execute script inside child iframe? extended test for jquery selector xss 123 jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. (2) jQuery Migrate DOM XSS $(".<XSS>") [Class selector] (new) Test jQuery Migrate DOM XSS $(".<XSS>") [Class selector] "><script src=https://xs90.xss.ht></script> XSS vectors without user interaction Attribute Separators test Geolocation Spoof Jquery ID selector + location.hash.slice(1) chuang yu dun List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/) test final Can Cookie Setter be Hooked? Jquery attribute equals selector + location.hash.slice(1) https://passport.informatica.com/js/jquery.js jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') 123 test SecurityPolicyViolationEvent Testing jQuery 3.1 Allowed Request Headers by XHR Check document.domain jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') jQuery Migrate DOM XSS $("#<XSS>") [id selector] test Global event handlers Location hash (aka. fragment) spills into data URI content jquery 1.8.1 TestHarness: Allowed Request Headers by XHR s Geolocation Overriding jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. sdf jQuery-UI XSS via .dialog() method's "closeText" argument jQuery UI .dialog() closeText property DOM XSS Sink. https://passport.informatica.com/js/jquery.js 2132 123 Configurability of Location Properties Can Navigator.UserAgent Be Spoofed? Jquery ID selector + location.hash chuang yu dun jQuery-UI XSS via .dialog() method jQuery Selectors Vulnerable to XSS AngularJS Sandbox Bypasses jQuery-UI XSS via .dialog() method's "closeText" argument (short version) HTTP Methods Supported by XHR List of properties that doesn't need parenthesis Getters & Setters for Element.prototype jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector] TestHarness: Using Assertions in DomStorm Updated jquery XSS attack test jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Jquery class selector + hash.slice(1) jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Jquery a[] xss Valid attribute separators Document Setters Check document.domain angry jquery proxy cookie Run domato fuzzer 1000000 times JQuery XSS test