ZDNet

Google working on new Chrome security feature to 'obliterate DOM XSS'

Google has created a new browser API that will help Chrome fight certain types of cross-site scripting (XSS) vulnerabilities, adding another level of protection at the browser level to keep users safe ...
Network World

The what, who, when, where, why and how of XSS

JavaScript uses DOM, a hierarchical, object-oriented model, to map the elements within a Web page. DOM-based XSS attacks exploit the trust relationships in the DOM model. Once elements are parsed by ...