[Owasp-leaders] OWASP DOM based XSS definition, which looked a little off

Giorgio Fedon giorgio.fedon at owasp.org
Wed Oct 23 21:25:29 UTC 2013


On 10/23/2013 11:05 PM, Achim wrote:
> opps, my point was not to stick on a single XSS definition, but on
> reflected, persistent and DOM-based. As these are problems on different places.
> All others are variants of these, as we know today.
Ops I misunderstood. Sorry Achim.

However I think that the cathegories are:

- XSS or generic XSS
- DomXSS

I would remove "stored" as a cathegory. Both can be non persistent or
persistent but this is an addtitional aspect that makes the previous
more critical (if persistent)

-- 
| Giorgio Fedon, Owasp Italy
|
| In Input Validation 
|            and Output Sanitization, 
|                                   We Trust
--
| Web: https://www.owasp.org/index.php/Italy
|_____________________________________________.



More information about the OWASP-Leaders mailing list