[Owasp-leaders] OWASP DOM based XSS definition, which looked a little off

Achim achim at owasp.org
Wed Oct 23 21:05:36 UTC 2013


On 23.10.2013 22:34, Giorgio Fedon wrote:
> I think that keeping just a single definition of XSS is too generic.

Oops, my point was not to stick to a single XSS definition, but to
reflected, persistent and DOM-based, as these are problems in different places.
All others are variants of these, as we know today.
Assuming we agree that server-side XSS (for example Node.js) is some kind of
code injection.

DOM-based is the most difficult (critical, as you said), that's why there was
a big effort to build
  https://www.owasp.org/index.php/DOM_based_XSS_Prevention_Cheat_Sheet

Am I still missing something?

Ciao
Achim

