Js Dom Stored Xss
Description
Detects potential DOM-based stored Cross-Site Scripting (XSS) vulnerabilities in JavaScript code where untrusted data is written to dangerous DOM properties or methods that can execute JavaScript. These vulnerabilities occur when malicious JavaScript code is stored and later executed through DOM manipulation methods like innerHTML or eval.
Detection Strategy
• Check for assignments or calls to dangerous DOM properties and methods (like innerHTML, outerHTML, eval)
• Analyze the values being assigned or passed to these dangerous sinks to verify if they contain potentially unsafe/unvalidated data
• Examine property access patterns where dangerous DOM properties are accessed and modified with untrusted content
• Flag cases where the data being assigned could contain executable JavaScript code without proper sanitization
• Consider the data flow to verify the source of values being assigned to these dangerous DOM properties
Vulnerable code example
// Get stored data that could be attacker-controlled
const storedPayload = localStorage.getItem("userInput");
// VULNERABLE: Directly writing stored data to DOM without sanitization
document.write(storedPayload); // Allows execution of malicious scripts
Secure code example
// Get stored data from localStorage
const storedPayload = localStorage.getItem("userInput");
// SAFE: Use DOMPurify to sanitize the input before insertion
const sanitizedPayload = DOMPurify.sanitize(storedPayload);
// Create a container element instead of using document.write
// SAFE: Use textContent to prevent script execution
const container = document.createElement("div");
container.textContent = sanitizedPayload;
document.body.appendChild(container);
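The detection strategy above (dangerous sinks, the values flowing into them, and where those values come from) can be illustrated with a small source-to-sink taint tracker. The code below is an added example written for this page, not Fluid Attacks' rule engine: it is a deliberately simple lexical scanner that assumes one statement per line and no scoping, and the source, sink and sanitizer lists are assumptions chosen for the demo rather than the rule's real configuration. The sample snippets are constructed from the vulnerable and secure examples on this page plus an innerHTML variant.

```javascript
// Added example: lexical source-to-sink taint tracking over JavaScript text.
// Illustrative code for this page; assumes one statement per line, no scoping.

// Sources: reads of stored or attacker-influenced data (assumed list).
const SOURCE_PATTERNS = [
  /\blocalStorage\.getItem\(/,
  /\bsessionStorage\.getItem\(/,
  /\bdocument\.cookie\b/,
  /\blocation\.(?:hash|search|href)\b/,
];

// Sinks: DOM properties/methods that parse markup or execute script
// (assumed list). Group 1 of each regex captures the value written to the sink.
const SINK_PATTERNS = [
  { sink: "innerHTML", re: /\.innerHTML\s*=\s*(.+?);?$/ },
  { sink: "outerHTML", re: /\.outerHTML\s*=\s*(.+?);?$/ },
  { sink: "insertAdjacentHTML", re: /\.insertAdjacentHTML\(\s*[^,]+,\s*(.+?)\s*\)/ },
  { sink: "document.write", re: /\bdocument\.write(?:ln)?\(\s*(.+?)\s*\)/ },
  { sink: "eval", re: /\beval\(\s*(.+?)\s*\)/ },
];

// A call treated as neutralising markup before it reaches a sink.
const SANITIZER = /\bDOMPurify\.sanitize\(/;

// True if the expression reads a source directly or references a tainted name.
function isTainted(expr, tainted) {
  if (SOURCE_PATTERNS.some((re) => re.test(expr))) return true;
  return [...tainted].some((name) => new RegExp(`\\b${name}\\b`).test(expr));
}

// Scans source text line by line; returns one finding per unsanitised
// tainted write to a dangerous sink: { line, sink, expr }.
function scan(source) {
  const tainted = new Set();
  const findings = [];
  source.split("\n").forEach((raw, idx) => {
    const line = raw.replace(/\/\/.*$/, "").trim(); // drop line comments
    if (!line) return;

    // Variable declaration or plain reassignment: propagate or clear taint.
    const assign = line.match(/^(?:(?:const|let|var)\s+)?(\w+)\s*=\s*(.+?);?$/);
    if (assign) {
      const [, name, expr] = assign;
      if (!SANITIZER.test(expr) && isTainted(expr, tainted)) tainted.add(name);
      else tainted.delete(name);
      return;
    }

    // Write to a sink: flag it unless the value is clean or sanitised inline.
    for (const { sink, re } of SINK_PATTERNS) {
      const m = line.match(re);
      if (!m) continue;
      const expr = m[1];
      if (!SANITIZER.test(expr) && isTainted(expr, tainted)) {
        findings.push({ line: idx + 1, sink, expr });
      }
    }
  });
  return findings;
}

// Constructed sample inputs (not real application code).
const SAMPLES = {
  vulnerable: `
const storedPayload = localStorage.getItem("userInput");
document.write(storedPayload);`,
  sanitized: `
const storedPayload = localStorage.getItem("userInput");
const sanitizedPayload = DOMPurify.sanitize(storedPayload);
container.innerHTML = sanitizedPayload;`,
  innerHtml: `
let note = sessionStorage.getItem("note");
document.getElementById("out").innerHTML = note;
document.getElementById("out").textContent = note;`,
};

for (const [name, src] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(scan(src)));
}
```

Only the document.write and innerHTML writes are reported; the DOMPurify-sanitized value and the textContent assignment are not, which mirrors the secure example above. A real rule needs a proper parser and cross-function data flow, but the core decision (tainted source, reaches a sink, no sanitizer in between) is the same.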