<![CDATA[DOM XSS isn’t always in the HTML.]]>DOM XSS isn’t always in the HTML.

Sometimes your input never appears in the Source because JavaScript is building the page.
Source → Sink → Execution in real-world DOM flows.

https://medium.com/@marduk.i.am/url-based-xss-c41d94090e6e

]]>https://board.circlewithadot.net/topic/fc2ab8de-ba0e-40db-83de-c49703e0a2db/dom-xss-isn-t-always-in-the-html.RSS for NodeFri, 15 May 2026 00:24:16 GMTWed, 22 Apr 2026 20:30:34 GMT60