DOM based Cross-site Scripting vulnerabilities
- Monday, December 6, 2010, 6:58
While a traditional cross-site scripting vulnerability arises in server-side code, document object model (DOM) based cross-site scripting is a type of vulnerability that affects the script code running in the client’s browser.
The DOM, or document object model, is the way scripts access the structure of the page in which they reside, and it is used to manipulate page content in Web 2.0 applications. Like server-side scripts, client-side scripts can also accept user input, which can contain malicious code. Therefore, if the inputs to client-side scripts are not properly sanitized, they can be prone to DOM XSS vulnerabilities.
Possible sources of user input which can contain attack vectors are:
- document.referrer property
- window.name property
- location property
These user inputs, when used without proper sanitization, can get into the code which is executed client-side, within the same context as the legitimate code from the server. The possible means by which an attack is executed are:
- document.write or writeln
- changing the location with the javascript: metaprotocol
- the eval, setInterval or setTimeout functions
DOM based XSS examples
document.referrer property
The document.referrer property is set by the browser and represents the page which linked to the current page. Consider the following HTML code:
<html>
<head>
<title>victim page</title>
</head>
<body>
<p>
You were sent here by:<script>document.write(document.referrer);</script>
</p>
</body>
</html>
If the document.referrer string contains JavaScript code, this code will be executed in the current context. To exploit this type of vulnerability an attacker must have an intermediate page from which (continue reading...)
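The following is an added example, not code from the original article: it rewrites the document.write(document.referrer) sink from the victim page so the referrer is treated as untrusted data (validated as an http(s) URL, then HTML-escaped). The function names and the constructed referrer value are assumptions made for this example; in a browser you would pass document.referrer to them.

```javascript
// Added example (not from the original article). In Node there is no DOM,
// so a constructed referrer value stands in for document.referrer.

// Escape the characters that let text break out of an HTML text node
// or attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Accept only a referrer that parses as an http(s) URL; anything else
// (including "javascript:" values and unparsable strings) is dropped.
function validateReferrer(raw) {
  try {
    const url = new URL(raw);
    return url.protocol === "http:" || url.protocol === "https:" ? url.href : "";
  } catch (e) {
    return "";
  }
}

// Markup the vulnerable page emits: the referrer is written verbatim,
// so any markup it carries is parsed as part of the page.
function renderUnsafe(referrer) {
  return "You were sent here by:" + referrer;
}

// Hardened replacement for document.write(document.referrer): validate,
// then escape. In a real page, prefer `el.textContent = validateReferrer(...)`,
// which never parses the value as HTML at all.
function renderSafe(referrer) {
  return "You were sent here by:" + escapeHtml(validateReferrer(referrer));
}

// Constructed referrer carrying an HTML tag, as a linking page could supply.
const SAMPLE_REFERRER = "http://example.test/page?q=<b>hi</b>";
```

renderUnsafe(SAMPLE_REFERRER) still contains the tag, while renderSafe(SAMPLE_REFERRER) contains no "<" at all.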