
Ts Client Dom Xss

Description

Detects DOM-based Cross-Site Scripting (XSS) vulnerabilities where unsanitized data is used in dangerous DOM manipulation methods or properties. This can allow attackers to inject and execute malicious JavaScript code in the victim's browser context.

Weakness:

371 - DOM-Based cross-site scripting (XSS)

Category: Unexpected Injection

Detection Strategy

    Look for DOM manipulation methods or properties that interpret their input as HTML or JavaScript, such as innerHTML, outerHTML, or document.write

    Check if the values passed to these DOM methods come from untrusted sources like user input or URL parameters

    Verify there is no proper sanitization or encoding of the data before it is used in the DOM manipulation

    Report a vulnerability if unsafe data flows into DOM sinks either through direct method calls or property assignments
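The four steps above, carried out by a small line-based checker. This is an added illustration, not the rule's own engine: it has no real parser or data-flow graph, it only tracks variables assigned from a known source and flags lines where such a variable (or a source itself) reaches a sink without passing through a sanitizer on the same statement. The sample program it scans is constructed from the vulnerable and secure snippets on this page, and the `escapeHtml` sanitizer name is an assumed project helper, not a standard API.

```javascript
// Added example: minimal DOM XSS checker following the detection strategy.
// Not the scanner's implementation; regex matching on single lines only.

// Step 1: sinks that render HTML or execute script. `(?!=)` avoids matching `==`.
const SINKS = [
  /\.innerHTML\s*=(?!=)/,
  /\.outerHTML\s*=(?!=)/,
  /\bdocument\.write(ln)?\s*\(/,
  /\.insertAdjacentHTML\s*\(/,
];

// Step 2: untrusted sources controllable by a third party.
const SOURCES = [
  /\blocation\.(search|hash|href)\b/,
  /\bdocument\.(URL|referrer|cookie)\b/,
  /\bwindow\.name\b/,
];

// Step 3: sanitizers/encoders that stop the flow. escapeHtml is an assumed helper.
const SANITIZERS = [
  /\bDOMPurify\.sanitize\s*\(/,
  /\bencodeURIComponent\s*\(/,
  /\bescapeHtml\s*\(/,
];

const DECL = /\b(?:const|let|var)\s+([A-Za-z_$][\w$]*)\s*=\s*(.+)$/;

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

function mentionsTainted(text, tainted) {
  for (const name of tainted) {
    if (new RegExp(`\\b${escapeRegExp(name)}\\b`).test(text)) return true;
  }
  return false;
}

// Step 4: report every line where unsanitized source data reaches a sink.
// Returns [{ line, code }] in source order.
function analyze(source) {
  const tainted = new Set();
  const findings = [];
  source.split('\n').forEach((rawLine, idx) => {
    // Strip trailing // comments (simplification: also cuts "http://" in strings).
    const line = rawLine.replace(/\/\/.*$/, '').trim();
    if (!line) return;
    const lineNo = idx + 1;

    // Propagate taint through declarations; a sanitizer on the RHS clears it.
    const m = DECL.exec(line);
    if (m) {
      const [, name, rhs] = m;
      const fromSource = SOURCES.some((re) => re.test(rhs)) || mentionsTainted(rhs, tainted);
      const sanitized = SANITIZERS.some((re) => re.test(rhs));
      if (fromSource && !sanitized) tainted.add(name);
      else tainted.delete(name);
    }

    if (!SINKS.some((re) => re.test(line))) return;
    const sanitized = SANITIZERS.some((re) => re.test(line));
    const unsafe = SOURCES.some((re) => re.test(line)) || mentionsTainted(line, tainted);
    if (unsafe && !sanitized) findings.push({ line: lineNo, code: line });
  });
  return findings;
}

// Constructed sample: lines 3 and 4 are the page's vulnerable pattern,
// lines 5-8 are safe (textContent, sanitized value, static markup).
const SAMPLE = `
const q = location.search.substring(1);
document.getElementById('output').innerHTML = q;
document.write("<div>" + q + "</div>");
document.getElementById('output').textContent = q;
const clean = DOMPurify.sanitize(q);
document.getElementById('output').innerHTML = clean;
document.getElementById('banner').innerHTML = "<b>static</b>";
`;

for (const f of analyze(SAMPLE)) {
  console.log(`line ${f.line}: unsanitized data reaches DOM sink: ${f.code}`);
}
```

Running it reports lines 3 and 4 of the sample and nothing else. The checker is intentionally conservative in one direction only: it will miss flows through function parameters, object properties or template logic, which is why a production rule works on an AST with proper taint tracking rather than on lines.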

Vulnerable code example

// DOM XSS vulnerability example
function displayUserInput() {
    const userInput = location.search.substring(1);  // Untrusted input from URL query string

    // VULNERABLE: Directly inserting user input into innerHTML
    document.getElementById('output').innerHTML = userInput;  // Attacker can inject malicious HTML/scripts

    document.write("<div>" + userInput + "</div>");  // Allows arbitrary HTML/JS injection...
}

✅ Secure code example

import DOMPurify from 'dompurify';

function displayUserInput() {
    const userInput = location.search.substring(1);  // Input from URL query string

    // SECURE: Using textContent prevents HTML/JS interpretation
    document.getElementById('output').textContent = userInput;

    // SECURE: If HTML is needed, sanitize with DOMPurify first...
    document.getElementById('output').innerHTML = DOMPurify.sanitize(userInput);
}