101 - Language Javascript Common DOM Sources
Sources of variables under User Control
• document.URL
• document.documentURI
• location
• window.location
• document.location
Dangerous sinks for variables under User Control
• document.write()
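• *.innerHTML - a property that is assigned to, not a method call
• *.outerHTML - a property that is assigned to, not a method call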
• *.parseHTML()
• *.wrap() - jQuery method; the check does not verify that jQuery is actually loaded
• *.html() - jQuery method; the check does not verify that jQuery is actually loaded
• location
• window.location
• document.location
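
A line-based audit that reports where a value read from one of the sources above reaches one of the sinks above, directly or through a simple variable assignment. This is an added example, not code from the original page or from any scanner; `auditDomFlows`, `SAMPLE` and the regular expressions are assumptions made for illustration, and the matching is a heuristic that over-approximates (identifiers inside string literals count as uses).

```javascript
// Added example: line-based audit for the sources and sinks listed above.
// Any read of `location` also covers window.location and document.location.
const SOURCES = /\b(?:document\.(?:URL|documentURI)|location)\b/;
const SINKS = [
  { name: "document.write()", re: /\bdocument\.write\s*\(/ },
  { name: "innerHTML", re: /\.innerHTML\s*\+?=(?!=)/ },
  { name: "outerHTML", re: /\.outerHTML\s*\+?=(?!=)/ },
  { name: "parseHTML()", re: /\.parseHTML\s*\(/ },
  { name: "wrap()", re: /\.wrap\s*\(/ },
  { name: "html()", re: /\.html\s*\(/ },
  // Assignment to location / window.location / document.location (navigation).
  { name: "location", re: /\b(?:(?:window|document)\.)?location\s*=(?!=)/ },
];
const IDENT = /[A-Za-z_$][\w$]*/g;
const ASSIGN = /^\s*(?:(?:var|let|const)\s+)?([A-Za-z_$][\w$]*)\s*=(?!=)(.*)$/;

function auditDomFlows(code) {
  const tainted = new Set(); // variables assigned from a source, directly or transitively
  const findings = [];
  const usesTaint = (text) =>
    SOURCES.test(text) || (text.match(IDENT) || []).some((id) => tainted.has(id));

  code.split("\n").forEach((line, i) => {
    for (const sink of SINKS) {
      const m = sink.re.exec(line);
      // Only what follows the sink (arguments or right-hand side) is inspected.
      if (m && usesTaint(line.slice(m.index + m[0].length))) {
        findings.push({ line: i + 1, sink: sink.name });
      }
    }
    const a = ASSIGN.exec(line);
    if (a && usesTaint(a[2])) tainted.add(a[1]);
  });
  return findings;
}

// Constructed sample input, not taken from a real application.
const SAMPLE = [
  'var q = document.URL.split("#")[1];',
  'document.write("<b>" + q + "</b>");',
  'el.innerHTML = "static text";',
  '$("#out").html(window.location.hash);',
  'var safe = "ok";',
  'el.outerHTML = safe;',
  'location = q;',
].join("\n");

console.log(auditDomFlows(SAMPLE));
```

Lines 3 and 6 of the sample are not reported because the value reaching the sink is a constant; a finding is a prompt for manual review, not proof of an exploitable flow.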