Open Sh4d0wHunt3rX opened 7 months ago
Hi, thanks for this script : )
I was comparing yours with this one which is only the list of sources and sinks: https://github.com/Sivnerof/Sources-And-Sinks-Cheatsheet
I noticed you wrote: WINDOWS_SOURCES="windows.name"
I'm not sure, but I guess it should be window.name
Also, I couldn't find these:
document.write(), document.writeln(), element.outerHTML, element.insertAdjacentHTML, element.onevent
The following jQuery functions are also sinks that can lead to DOM-XSS vulnerabilities:
add(), after(), append(), animate(), insertAfter(), insertBefore(), before(), html(), prepend(), replaceAll(), replaceWith(), wrap(), wrapInner(), wrapAll(), has(), constructor(), init(), index(), jQuery.parseHTML(), $.parseHTML()
Thanks : )
Thank you! I've updated the list and fixed the typo.
I will look for the jQuery one later (don't hesitate to make a PR otherwise).
Thank you so much ❤️