Js Client Dom Xss
Description
Detects DOM-based Cross-Site Scripting (XSS) vulnerabilities in JavaScript code where unescaped or untrusted data is assigned to dangerous DOM properties like innerHTML. This can allow attackers to inject and execute malicious JavaScript code in the victim's browser context.
Detection Strategy
• Identifies assignments to dangerous DOM properties (like innerHTML, outerHTML) that can execute JavaScript
• Checks if the values being assigned contain unescaped or unfiltered data that could include malicious code
• Reports a vulnerability when untrusted content flows into these dangerous DOM sinks without proper sanitization
Vulnerable code example
// Get user input from URL search params
const userInput = new URLSearchParams(window.location.search).get('data');
// VULNERABLE: Direct assignment of unescaped user input to innerHTML
document.getElementById('output').innerHTML = userInput; // Input is parsed as HTML, so attacker-supplied markup can run script
// VULNERABLE: Using document.write with user-controlled input
...
Secure code example
// Get user input from URL search params
const userInput = new URLSearchParams(window.location.search).get('data');
// SECURE: Using textContent prevents HTML/script interpretation
document.getElementById('output').textContent = userInput; // Safe - input is treated as text, not parsed as HTML
// SECURE: Create element and append text node instead of document.write
const div = document.createElement('div');
div.textContent = userInput; // Safe - treats input as plain text
...
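The detection strategy above, sketched as a line-based taint check run over the page's own snippets. This is an added example, not the scanner's implementation or code from the original page; the source, sink and sanitizer lists and the name findDomXss are assumptions made for illustration.

```javascript
// Added example: simplified line-based taint check, not a real scanner engine.
// The source, sink and sanitizer lists below are assumptions for illustration.
const SOURCES = /\b(?:window\.)?location\.(?:search|hash|href)\b|\bdocument\.(?:URL|referrer)\b/;
const SINK_ASSIGN = /\.(innerHTML|outerHTML)\s*\+?=(?!=)\s*(.+)$/;
const SINK_CALL = /\bdocument\.(write|writeln)\s*\((.*)\)/;
const DECL = /\b(?:const|let|var)\s+([A-Za-z_]\w*)\s*=\s*(.+)$/;
const SANITIZERS = /\bDOMPurify\.sanitize\s*\(/;

function findDomXss(source) {
  const tainted = new Set(); // variables currently holding untrusted data
  const findings = [];
  const isTainted = (expr) =>
    !SANITIZERS.test(expr) &&
    (SOURCES.test(expr) ||
      [...tainted].some((name) => new RegExp(`\\b${name}\\b`).test(expr)));

  source.split('\n').forEach((raw, index) => {
    const line = raw.replace(/(^|\s)\/\/.*$/, ''); // drop trailing comments
    const decl = DECL.exec(line);
    if (decl && isTainted(decl[2])) tainted.add(decl[1]); // propagate taint
    const sink = SINK_ASSIGN.exec(line) || SINK_CALL.exec(line);
    if (sink && isTainted(sink[2])) {
      findings.push({ line: index + 1, sink: sink[1] });
    }
  });
  return findings;
}

// Constructed sample input based on the snippets on this page.
const SAMPLE = [
  "const userInput = new URLSearchParams(window.location.search).get('data');",
  "document.getElementById('output').innerHTML = userInput; // sink",
  "document.getElementById('output').textContent = userInput;",
  "const markup = '<b>' + userInput + '</b>';",
  "document.getElementById('output').outerHTML = markup;",
  "document.write(userInput);",
  "document.getElementById('output').innerHTML = DOMPurify.sanitize(userInput);",
  "document.getElementById('output').innerHTML = '<hr>';",
].join('\n');

console.log(findDomXss(SAMPLE));
```

The textContent assignment, the sanitized value and the constant string are not reported; a regex pass like this misses taint that flows through function calls or object properties, which a real analyzer tracks on the syntax tree.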