Protecting Your Users Against DOM-Based XSS attacks
Cross-site scripting (XSS) is one of the most common ways
hackers attack websites. XSS vulnerabilities permit a malicious user to
XSS is the most common publicly reported security vulnerability, and part of
every hacker’s toolkit.
DOM-based XSS attacks have all the risks associated with
the other types of XSS attack, with the
added bonus that they are impossible to detect from the server side.
Any page that uses URI fragments is potentially at risk from XSS attacks.