After reading an article in the German PHP Magazin about DOM-based XSS attacks, I came up with the idea of building this online tool for scanning Web pages for potential DOM-based cross-site scripting (XSS) security vulnerabilities.
This tool is meant for site owners and webmasters to check their pages' source code, with DOM XSS sources and sinks highlighted to facilitate code review.
DOM XSS Scanner does not try to assess the security of given pages and does not currently include scripts dynamically loaded from other scripts. Those scripts can be scanned by submitting their URLs manually.
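The kind of source and sink flagging described above can be sketched as follows; this is an added example, not DOM XSS Scanner's own code. It assumes a small illustrative pattern subset, uses Python's standard `html.parser` instead of Beautiful Soup so it runs without dependencies, and `ScriptCollector`, `scan` and `SAMPLE` are hypothetical names.

```python
import re
from html.parser import HTMLParser

# Illustrative subset of well-known sources and sinks (assumed, not the tool's lists).
SOURCES = re.compile(r"\b(?:location\.(?:hash|search|href)|window\.name"
                     r"|document\.(?:URL|documentURI|referrer|cookie))\b")
SINKS = re.compile(r"\b(?:eval|setTimeout|setInterval|document\.write(?:ln)?)\s*\("
                   r"|\.(?:innerHTML|outerHTML)\s*=(?!=)|\.insertAdjacentHTML\s*\(")

class ScriptCollector(HTMLParser):
    """Collect inline <script> bodies and the src URLs of external scripts."""
    def __init__(self):
        super().__init__()
        self.inline, self.external, self._in_script = [], [], False
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)  # not fetched: this example runs offline
            else:
                self._in_script = True
                self.inline.append("")
    def handle_data(self, data):
        if self._in_script:
            self.inline[-1] += data
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def scan(html):
    """Return (findings, external); a finding is (script_no, line_no, kind, text)."""
    collector = ScriptCollector()
    collector.feed(html)
    findings = []
    for s_no, body in enumerate(collector.inline, 1):
        for l_no, line in enumerate(body.splitlines(), 1):
            for kind, rx in (("source", SOURCES), ("sink", SINKS)):
                for m in rx.finditer(line):
                    findings.append((s_no, l_no, kind, m.group(0).strip()))
    return findings, collector.external

# Constructed sample page: one external script, one inline script.
SAMPLE = """<script src="/js/app.js"></script><div id="out"></div><script>
var q = location.hash.substring(1);
document.getElementById("out").innerHTML = q;
if (a.innerHTML == "x") { ok(); }</script>"""

if __name__ == "__main__": print(scan(SAMPLE))
```

A finding only marks a line for review: the assignment to `innerHTML` is flagged while the `==` comparison is not, and the external script URL is returned separately so it can be scanned on its own.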
Improve DOM XSS Scanner
DOM XSS Scanner Coverage
Coverage of the DOM XSS Scanner tool elsewhere on the Web:
DOM XSS Scanner Building Blocks
- Beautiful Soup Python HTML/XML parser
- 960 CSS Grid System
- HTML5 Boilerplate and included libraries
- The webapp Framework with jinja2 Templates