<div>
<div class="content wysiwyg-content">
How to protect against DOM based attacks?<br />
<br />
This article:<br />
<a href="https://github.com/aspnet/Docs/blob/master/aspnetcore/security/cross-site-scripting.md" rel="ugc">https://github.com/aspnet/Docs/blob/master/aspnetcore/security/cross-site-scripting.md</a><br />
<br />
Holds a warning:<br />
<br />
[!WARNING] Don't concatenate untrusted input in JavaScript to create DOM elements. You should use createElement() and assign property values appropriately such as node.TextContent=, or use element.SetAttribute()/ele<wbr />ment[attri<wbr />bute]= otherwise you expose yourself to DOM-based XSS.<br />
<br />
My C# / MVC / Razor web app was written some time ago, with little worry for XSS.<br />
<br />
What key words shall I search for to assess the exposure to DOM based attacks?<br />
<br />
<br />
Thanks
</div>
</div>


How to protect against DOM based attacks?

This article:
https://github.com/aspnet/Docs/blob/master/aspnetcore/security/cross-site-scripting.md

Holds a warning:

[!WARNING] Don't concatenate untrusted input in JavaScript to create DOM elements. You should use createElement() and assign property values appropriately such as node.TextContent=, or use element.SetAttribute()/element[attribute]= otherwise you expose yourself to DOM-based XSS.

My C# / MVC / Razor web app was written some time ago, with little worry for XSS.

What key words shall I search for to assess the exposure to DOM based attacks?


Thanks

How to protect against DOM based attacks?

The successor to Active Server Pages, ASP.NET websites utilize the .NET framework to produce dynamic, data and content-driven web applications and services. ASP.NET code can be written using any .NET supported language. As of 2009, ASP.NET can also apply the Model-View-Controller (MVC) pattern to web applications

ASP.NET

The .NET Framework is not specific to any one programming language; rather, it includes a library of functions that allows developers to rapidly build applications. Several supported languages include C#, VB.NET, C++ or ASP.NET.

.NET Programming

JavaScript is a dynamic, object-based language commonly used for client-side scripting in web browsers. Recently, server side JavaScript frameworks have also emerged. JavaScript runs on nearly every operating system and  in almost every mainstream web browser.

JavaScript

C# is an object-oriented programming language created in conjunction with Microsoft’s .NET framework. Compilation is usually done into the Microsoft Intermediate Language (MSIL), which is then JIT-compiled to native code (and cached) during execution in the Common Language Runtime (CLR).

Web development can range from developing the simplest static single page of plain text to the most complex web-based internet applications, electronic businesses, and social network services using a wide variety of languages and standards, including the familiar HTML, JavaScript and jQuery, ASP and ASP.NET, PHP, ColdFusion, CSS, PHP, Flex and Flash, but also the implementation of a broad list of standards including XML, WSDL, SSDL, VoiceXML and many more.