Details
Scan Rule ID: 220000
Alert Type: Tool
Status: alpha

Alerts

  • 220000-1 Disallow innerHTML/outerHTML assignments
  • 220000-2 Review uses of appendChild
  • 220000-3 Disallow document.write()/writeln()
  • 220000-4 Review DOMParser.parseFromString with dynamic HTML/XML
  • 220000-5 template.innerHTML with dynamic content
  • 220000-6 Inline event handler built from dynamic data
  • 220000-7 Disallow insertAdjacentHTML()
  • 220000-8 DOM-based XSS (taint flow)
  • 220000-9 DOM XSS via innerHTML (Angular)

Code

src/ptk/background/sast/modules/modules.json