Additional information (do)


The DOM (Document Object Model) is the in-memory, tree-shaped representation of an HTML or XML document, together with an API (Application Programming Interface) for reading and modifying that tree. It defines a standard way of accessing a document's elements, attributes and text, so that applications such as web browsers can process a document in a consistent, compatible way. The code behind a website is one such document: the browser parses the HTML into a DOM tree and renders it, and client-side JavaScript uses the DOM API (for example to read the current URL or to set an element's content) to inspect and change the page after it has loaded. Without a common model, each application would interpret and expose a document differently, and a website could look and behave differently from one browser to the next.

DOM-based XSS-attack

DOM-based Cross-Site Scripting is a type of attack in which data from a user-controlled source (for example the URL, its query string or fragment, document.referrer or window.name) reaches a sink (a function or property setter that handles the data) that interprets it as HTML or script. Some sinks, such as innerHTML, document.write and eval, are dangerous by nature, and a website developer should avoid passing untrusted data to them. A DOM-based XSS attack happens entirely on the client side (in the browser): the flaw lies in the client-side JavaScript that processes the page content, whereas in reflected or stored XSS the server embeds the malicious payload in the HTML it returns (that payload, too, is then executed by the victim's browser). For this reason server-side security measures such as input validation, output encoding and web application firewalls may never see a DOM-based payload at all: a payload placed in the URL fragment (the part after '#'), for instance, is never sent to the server, the server returns the same benign page as always, and the malicious code only takes effect when the page's own script reads the payload out of the browser environment and writes it into the DOM.
A DOM-based XSS attack can steal or modify the client's cookies and session identifiers, and it can steal or modify the information and credentials the client submits in forms by intercepting the request before it reaches the server.
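The source-to-sink flow described above, as an added example that is not part of the original page: a small "welcome" widget that reads a name from the URL fragment and writes it into the page, in its vulnerable form beside a hardened one. It is plain JavaScript that also runs outside a browser, so the innerHTML sink is simulated by a function that checks whether the produced markup carries an inline event handler; the URLs, element names and function names are assumptions made for this example. It also illustrates the DOM API use mentioned in the paragraph on the DOM above (textContent versus innerHTML).

```javascript
// Added example (not from the original page): a DOM-based XSS flow from source
// to sink, simulated so it runs outside a browser, beside a hardened version.
// Assumed scenario: a "welcome" widget reads a name from the URL fragment
// (#name=...) and writes it into the page. The URLs and names are made up.

// Constructed sample URLs. The fragment is never sent to the server, so
// whatever the server-side filters do, they never see the second payload.
const BENIGN_URL = "https://example.test/welcome#name=Alice";
const ATTACK_URL =
  "https://example.test/welcome#name=<img src=x onerror=alert(document.cookie)>";

// Source: attacker-controlled data read from the URL fragment.
function nameFromFragment(url) {
  const i = url.indexOf("#");
  if (i < 0) return "";
  return new URLSearchParams(url.slice(i + 1)).get("name") || "";
}

// Vulnerable: the untrusted value is concatenated into markup that the page
// would assign to element.innerHTML. The browser parses that string as HTML,
// so an <img onerror=...> inside the name runs script.
function renderVulnerable(url) {
  return "<h1>Welcome, " + nameFromFragment(url) + "!</h1>";
}

// Hardened: the value is treated as text, not markup. Escaping the five
// HTML-significant characters is equivalent to what the browser does when
// you assign to element.textContent instead of innerHTML.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}
function renderHardened(url) {
  return "<h1>Welcome, " + escapeHtml(nameFromFragment(url)) + "!</h1>";
}

// Stand-in for the browser's HTML parser: true when the markup contains a
// tag carrying an inline event handler (onerror=, onload=, ...) or a <script>
// tag. A real browser would execute these; here we only detect them.
function markupExecutesScript(markup) {
  return /<\w+[^>]*\son\w+\s*=/i.test(markup) || /<script\b/i.test(markup);
}

// In a real page the sink is the DOM property itself. Assigning textContent
// never involves the HTML parser, so the attack string stays inert.
function applyToPage(url, heading) {
  if (typeof document === "undefined") return; // running outside a browser
  heading.textContent = "Welcome, " + nameFromFragment(url) + "!"; // safe
  // heading.innerHTML = renderVulnerable(url);                      // the sink
}

console.log("vulnerable:", renderVulnerable(ATTACK_URL));
console.log("hardened:  ", renderHardened(ATTACK_URL));
```

Note that the hardened version still allows any name; a stricter fix would additionally restrict the value to an allowlist (for example letters only) before it goes anywhere near the page.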

Social (and other) things: