DOM XSS

If user-controlled input reaches the code or HTML that a page executes, a malicious user can send a crafted URL to a victim and control the code that runs.

Vulnerable code examples

ECMAScript Template String

ECMAScript template strings should not be used for HTML templating.

Where firstName might be controlled by a malicious user.
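The pattern this section warns about, next to an escaped variant, as an added example that is not code from the original page. Every name other than `firstName` (the render functions, `escapeHtml`, the `html` tag, the sample value) is hypothetical.

```javascript
// Vulnerable pattern: the template string interpolates the value verbatim,
// so any markup in firstName becomes part of the HTML that is parsed later
// (for example when the result is assigned to element.innerHTML).
function renderGreetingUnsafe(firstName) {
  return `<p>Hello ${firstName}</p>`;
}

const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the characters that are significant in HTML text and in quoted
// attribute values.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template: the literal parts written by the developer are kept
// as-is, every interpolated value is escaped before it is joined in.
function html(strings, ...values) {
  return strings.reduce(
    (out, part, i) =>
      out + part + (i < values.length ? escapeHtml(values[i]) : ""),
    ""
  );
}

// Hardened variant: same markup, but firstName can only ever be text.
function renderGreetingSafe(firstName) {
  return html`<p>Hello ${firstName}</p>`;
}

// Constructed sample input standing in for a value taken from the URL.
const sampleFirstName = "<img src=x onerror=alert(1)>";

console.log("unsafe:", renderGreetingUnsafe(sampleFirstName));
console.log("safe:  ", renderGreetingSafe(sampleFirstName));
```

The escaping here covers HTML text and quoted attribute values only, not script, URL or unquoted attribute contexts. In a browser, assigning the value through `textContent` avoids HTML parsing of it altogether.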
