DOM XSS test cases

• document_write_hash.html - document.write with unfiltered value of location.hash. Sample exploit: document_write_hash.html#<img src=foo onerror=alert(123)>
• innerhtml_hash.html - assignment from hash to innerHTML. Sample exploit: innerhtml_hash.html#<img src=foo onerror=alert(123)>
• yuinode_hash.html - YUI's setHTML with location.hash. Sample exploit: yuinode_hash.html#<img src=bla onerror=alert(123)>
• jquery_append_hash.html - jQuery append with hash. Sample exploit: jquery_append_hash.html#<img src=foo onerror=alert(123)>
• jsonptest.html - PoC
• jsonptest_fixed.html - a fixed (properly escaped) version