101 - Language JavaScript Common DOM Sources

Sources of variables under User Control


• document.URL
• document.documentURI
• location
• window.location
• document.location

Dangerous sinks for variables under User Control


• document.write()
• *.innerHTML
• *.outerHTML
• *.parseHTML()
• *.wrap() - jQuery method; the presence of jQuery is not checked
• *.html() - jQuery method; the presence of jQuery is not checked

• location
• window.location
• document.location
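
The following is an added example, not code from the original page or from the tool it describes: a small line-based check that reports statements where one of the listed sources reaches one of the listed sinks, either directly or through a variable initialised from a source. The names findFlows and SAMPLE are hypothetical, and regex matching stands in for real data-flow analysis.

```javascript
// Added example: flag lines where a listed source reaches a listed sink.
// Line-by-line regex matching is an approximation, not real data-flow analysis.
const SOURCE = /\b(?:document\.(?:URL|documentURI|location)|(?:window\.)?location)\b/;
// Call sinks: the user-controlled data is an argument.
const CALL_SINK = /(?:\bdocument\.write|\.parseHTML|\.wrap|\.html)\s*\((.*)\)/;
// Assignment sinks: the user-controlled data is the right-hand side.
const ASSIGN_SINK = /(?:\.innerHTML|\.outerHTML|\b(?:(?:window|document)\.)?location)\s*=(?!=)\s*(.+)/;
const DECL = /\b(?:var|let|const)\s+([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)/;
const IDENT = /(?<![\w$.])[A-Za-z_$][\w$]*/g; // bare identifiers, not .properties

function findFlows(code) {
  const tainted = new Set(); // variables initialised from a source
  const findings = [];
  const isTainted = (expr) =>
    SOURCE.test(expr) || (expr.match(IDENT) || []).some((id) => tainted.has(id));

  code.split("\n").forEach((text, i) => {
    const decl = DECL.exec(text);
    if (decl && isTainted(decl[2])) tainted.add(decl[1]);
    const sink = CALL_SINK.exec(text) || ASSIGN_SINK.exec(text);
    if (sink && isTainted(sink[1])) findings.push({ line: i + 1, text: text.trim() });
  });
  return findings;
}

// Constructed sample input (not from the page).
const SAMPLE = [
  'var frag = window.location.hash.slice(1);',
  'document.getElementById("out").innerHTML = frag;',         // source via variable -> sink
  'document.write("<a href=" + document.URL + ">here</a>");', // direct source -> sink
  '$("#msg").html("<b>static text</b>");',                    // sink, constant data
  'document.getElementById("out").textContent = frag;',       // not a listed sink
  'window.location = "/home";',                               // sink, constant data
  '$("#box").html(document.documentURI);',                    // direct source -> sink
].join("\n");

console.log(findFlows(SAMPLE).map((f) => `${f.line}: ${f.text}`).join("\n"));
```

Only lines 2, 3 and 7 of the sample are reported; the textContent assignment and the constant-data sink calls are not, which is the distinction a reviewer makes when triaging hits for this rule.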