The principle of DOM-based XSS vulnerability

Original: http://www.anying.org/thread-36-1-1.html reprint must indicate the original address

Lately I've seen a lot of people on the internet talking about XSS. I'm going to publish my own understanding of this piece by using the shadow platform.
In fact, many people are aware of the use of XSS, but many people have overlooked the reason for the existence of loopholes, in fact, the truth is that based on the DOM XSS is some API code audit is not strict, then I would like to organize the existence of DOM-based XSS attack API Bar.
Document.location
Document. Url
Document. urlunencoded
Document.referrer
Window.location
These APIs can be accessed through a specially designed URL to control the DOM data, so most of what we use is these, in fact, this kind of Dom XSS pop-up window can be used and harmful is not very large, mostly used for fishing or something, that is, users do not actively click on your URL you do not have any way.
Chasing the relevant data in the code, determining what the application does to her, and if the data is submitted to the following APIs, the application may be subject to XSS. In fact, these APIs are mainly used in form hijacking, when the user submits a form in which an XSS code is inserted then this produces what we call the storage type of XSS, the vulnerability exists a high risk factor, many are used for cookie theft, transaction form hijacking, Many in the black industry for the shopping station often use this way to hijack orders, to their own profits.
document.write ()
Document.writeln ()
Document.boby.innerHtml
Eval ()
Window.execscript ()
Window.setinterval ()
Window.settimeout ()
Next is the DOM-based XSS and some will be redirected attacks, redirect attacks can be very harmful, but the personal feeling that the way XSS is easily overlooked in many places, the previous period of time submitted 2 URL redirection of the vulnerability to Sina, but Sina does not care, I'm not going to say anything. But the harm to Sina such a station how much I believe that experienced people will know.
Document.location
Document. Url
Document.open ()
Window.location.href
Window.navigate ()
window.open
These are some of the DOM-based XSS attack Vulnerability API, I think these things listed can give you code audit when some help, at least know that XSS vulnerabilities often appear in some places, for these API calls should be given the corresponding security measures.
Then for XSS this attack way a lot of people feel defensive do not know how to do, in fact, it is very simple, when the user submits the data to determine whether get and post in the presence of <> ' "/These five kinds of symbols, basically shielding the five kinds of symbols then XSS threat capability is estimated to be much lower.
The article involved in the technical content is not much, mainly personal experience and some of the books to see some of the knowledge, sorting out after the publication of hope for everyone useful.

The principle of DOM-based XSS vulnerability