DOM-based cross-site scripting (DOM XSS) is a form of cross-site scripting first noted by Amit Klein in July 2005 in his paper "DOM Based Cross Site Scripting or XSS of the Third Kind: A look at an overlooked flavor of XSS". In this paper, Amit argues that "reflected" typically refers to XSS that bounces off of a server and "stored" typically refers to XSS where the payload persists in a database, but that there are also XSS attacks where the source and the sink both reside inside the browser, in the DOM. He denotes these attacks as DOM XSS.
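To make the source-and-sink idea concrete, here is an added example (not from the video or from Klein's paper): a small line-based taint check that flags browser-side data flowing from a DOM source into an HTML or script sink. The source and sink lists, the function name `findDomXssFlows`, and the sample snippet are assumptions made for illustration.

```javascript
// Added example: line-based taint check for DOM XSS source-to-sink flows.
// The source and sink patterns are illustrative assumptions, not exhaustive,
// and the check has no knowledge of sanitizers or multi-line statements.
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|referrer)|window\.name)\b/;
const SINK_ASSIGN = /\.(innerHTML|outerHTML)\s*=(?!=)\s*(.+)$/;
const SINK_CALL = /\b(document\.write|eval|insertAdjacentHTML)\s*\((.*)\)/;
const ASSIGN = /^\s*(?:const|let|var)?\s*([A-Za-z_]\w*)\s*=(?!=)\s*(.+)$/;

function findDomXssFlows(code) {
  const tainted = new Set(); // variables currently holding source-derived data
  const findings = [];
  const isTainted = (expr) =>
    SOURCES.test(expr) ||
    [...tainted].some((v) => new RegExp(`(?<![\\w.])${v}\\b`).test(expr));

  code.split("\n").forEach((line, i) => {
    const sink = SINK_ASSIGN.exec(line) || SINK_CALL.exec(line);
    if (sink) {
      // Report only when the value reaching the sink came from a DOM source.
      if (isTainted(sink[2])) findings.push({ line: i + 1, sink: sink[1] });
      return;
    }
    const assign = ASSIGN.exec(line);
    if (!assign) return;
    // Propagate taint through plain assignments; a clean reassignment clears it.
    if (isTainted(assign[2])) tainted.add(assign[1]);
    else tainted.delete(assign[1]);
  });
  return findings;
}

// Constructed sample: page script that never sends the value to a server.
const SAMPLE = [
  "const q = decodeURIComponent(location.hash.slice(1));",
  "const label = 'Results for ' + q;",
  "document.getElementById('out').innerHTML = label;",    // source reaches sink
  "document.getElementById('safe').textContent = label;", // text-only, not a sink
  "const year = new Date().getFullYear();",
  "document.write(year);",                                 // sink, but no source
].join("\n");

console.log(findDomXssFlows(SAMPLE));
```

Only line 3 of the sample is reported: the `textContent` write on line 4 is the corrected form of the same assignment, because it treats the value as text rather than markup.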