Toggle navigation
DomStorm
Search
Create Module
Modules
All Modules
Helper Modules
Top Modules
Docs
Creating Test Harness Module
Creating a Enumeration Module
ECMAScript 5.1
Document Object Model
Mozilla Developer Network Docs
XMLHttpRequest
CORS
HTTP / 1.1 - RFC 2616
Browser Security Handbook
HTTP State Management Mechanism
GitHub
Login
Modules
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Hooking Storage Objects
Number Properties exposed by the Window Object?
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
Can Do Not Track be bypassed using XHR ?
Properties of LocalStorage
TestHarness: XMLHttpRequest: setRequestHeader() name argument checks
List of constructors that refer to window w/o parenthesis
Direct references to Window objects
Element Node Setters
Location unforgeable - Test Harness
Knockout JS libraries vulnerable to data-bind injection
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Test XSS for jQuery
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
testing no-op
jQuery-UI XSS via .dialog() method's "title" argument [CVE-2010-5312]
jQuery Migrate DOM XSS $(".<XSS>") [Class selector]
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
XSS vectors without user interaction
Attribute Separators
extended test for jquery selector xss
Can Cookie Setter be Hooked?
Geolocation Spoof
Jquery ID selector + location.hash.slice(1)
Jquery attribute equals selector + location.hash.slice(1)
https://passport.informatica.com/js/jquery.js
Does Iframe sandbox execute script inside child iframe?
chuang yu dun
Test
List of all jQuery versions vulnerable to the Selector DOM XSS. (http://ma.la/jquery_xss/)
123
123
"><script src=https://xs90.xss.ht></script>
test
test
test
final
jQuery Migrate DOM XSS $(".<XSS>") [Class selector] (new)
SecurityPolicyViolationEvent
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs. (2)
Allowed Request Headers by XHR
Can Navigator.UserAgent Be Spoofed?
Check document.domain
Location hash (aka. fragment) spills into data URI content
Configurability of Location Properties
HTTP Methods Supported by XHR
TestHarness: Using Assertions in DomStorm
List of properties that doesn't need parenthesis
TestHarness: Allowed Request Headers by XHR
Document Setters
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
Getters & Setters for Element.prototype
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
jQuery Selectors Vulnerable to XSS
jQuery Versions Vulnerable to Selector XSS with class Attribute ('. XSS_VECTOR')
jQuery-UI XSS via .dialog() method
jQuery-UI XSS via .dialog() method's "closeText" argument
jQuery Migrate DOM XSS $("#<XSS>") [id selector]
jQuery Migrate DOM XSS $("a[href='<XSS>']") [Attribute equals selector]
Check document.domain
jQuery UI .dialog() closeText property DOM XSS Sink.
AngularJS Sandbox Bypasses
s
Geolocation Overriding
Jquery ID selector + location.hash
Jquery class selector + hash.slice(1)
jquery 1.8.1
https://passport.informatica.com/js/jquery.js
Testing jQuery 3.1
jQuery-UI XSS via .dialog() method's "closeText" argument (short version)
chuang yu dun
jQuery Versions Vulnerable to Selector DOM XSS via # aka Selector IDs.
2132
123
Updated jquery XSS attack
Jquery a[] xss
test
test
angry jquery
sdf
Global event handlers
Valid attribute separators
proxy cookie
Run domato fuzzer 1000000 times
JQuery XSS test