Dom-Xss

Prototype pollution is one of those bug classes that sounds academic until you watch it turn a harmless config object into script execution. For a developer audience, the useful question is not “what is prototype pollution?” You probably already know the basics. The better question is: when does prototype pollution actually become XSS, and how does that compare to more direct XSS paths? That comparison matters because prototype pollution is rarely the last bug in the chain. It is usually the force multiplier. ...

Trusted Types is one of the few browser security features that actually changes developer behavior in a useful way. I like it because it goes after a common failure mode in front-end code: taking strings from somewhere untrusted and shoving them into dangerous DOM APIs like innerHTML, outerHTML, insertAdjacentHTML, or eval-adjacent sinks. That is exactly how a lot of DOM XSS happens in real apps. The short version: Trusted Types turns dangerous string-based DOM injection into a type-checked operation. Instead of passing raw strings into risky sinks, you pass special objects like TrustedHTML, usually created by a policy that sanitizes or validates the content first. ...