While solutions for preventing server-side XSS are well known, DOM-based Cross-Site Scripting (DOM XSS) is a growing problem. The challenge is that XSS is easy to introduce, but challenging to detect.

This new security feature was developed with the intent to protect users against one of the three types of cross-site scripting flaws --namely DOM-based (or type-0) XSS.

DOM-based attacks are a misunderstood, serious, and pervasive source of risk in contemporary web applications. The language that drives the web, JavaScript, is easy to understand and hard to master; ...

Verizon patched late last year persistent- DOM-based cross-site scripting vulnerabilities in its Message+ messaging client that could allow an attacker to control a user’s session.