Info:
This is a DOM-Based XSS (Cross-Site Scripting) demo that can be used to learn about client-side script injection and how to prevent it. The demo takes the form of a mock HTML5 gaming website that has search functionality and an in-game/platform currency, so an injected script has something worth tampering with.
Because a DOM-based XSS payload runs entirely in the visitor's browser (the server never sees the injected script, so a static page cannot show it executing), this demo is presented here in video form. You can try it out yourself by running a local server with the code from the GitHub repo linked below. Use the querystring to see what kind of JavaScript you can get the page to execute. The code also includes commented-out sections in the JavaScript that show how to sanitize user-controlled parameters before they reach a DOM sink, which prevents injection through the DOM.
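To make the vulnerable pattern and its fixes concrete, here is an added example that is not the demo repository's own code. It models a search page that echoes the `q` querystring parameter into a results element: the vulnerable version writes the raw parameter with `innerHTML`, and the two fixes escape it or bypass the HTML parser with `textContent`. The element, parameter and function names are assumptions for illustration, and the payload is constructed, not taken from the demo.

```javascript
// Added example, not the demo's own code. Names (results element, "q"
// parameter, function names) are assumptions for illustration.

// Minimal stand-in for a DOM element so the example also runs in Node.
// In the page itself you would use document.getElementById("results").
function makeElement() {
  let markup = "";
  return {
    get innerHTML() { return markup; },
    set innerHTML(v) { markup = String(v); },        // a browser parses this as HTML
    set textContent(v) { markup = escapeHtml(v); },  // stored as a text node, never parsed
  };
}

// Escape the five characters that HTML treats specially.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Read one parameter from a querystring such as location.search.
// URLSearchParams percent-decodes, so the raw attacker payload comes back out.
function getQueryParam(search, name) {
  return new URLSearchParams(search).get(name);
}

// VULNERABLE sink: attacker-controlled text is concatenated into markup and
// written with innerHTML, so any tag or event handler in it becomes live DOM.
function renderSearchVulnerable(resultsEl, search) {
  const q = getQueryParam(search, "q") ?? "";
  resultsEl.innerHTML = "<p>Results for: <strong>" + q + "</strong></p>";
  return resultsEl.innerHTML;
}

// FIX 1: escape before concatenation. The markup template stays, but the
// user-controlled part is rendered as inert text.
function renderSearchEscaped(resultsEl, search) {
  const q = getQueryParam(search, "q") ?? "";
  resultsEl.innerHTML = "<p>Results for: <strong>" + escapeHtml(q) + "</strong></p>";
  return resultsEl.innerHTML;
}

// FIX 2 (preferred): avoid the HTML parser altogether by assigning textContent.
function renderSearchTextContent(resultsEl, search) {
  const q = getQueryParam(search, "q") ?? "";
  resultsEl.textContent = "Results for: " + q;
  return resultsEl.innerHTML;
}

// Constructed payload of the kind you would try in the demo's querystring.
const SAMPLE_PAYLOAD = "<img src=x onerror=alert(1)>";
const SAMPLE_SEARCH = "?q=" + encodeURIComponent(SAMPLE_PAYLOAD);

// Run the same input through all three sinks and return the resulting markup,
// so a caller can check whether the payload survived as live HTML.
function demo(search = SAMPLE_SEARCH) {
  return {
    vulnerable: renderSearchVulnerable(makeElement(), search),
    escaped: renderSearchEscaped(makeElement(), search),
    textContent: renderSearchTextContent(makeElement(), search),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Only the `vulnerable` output still contains a real `<img ... onerror=...>` tag; in a browser that tag's `onerror` handler fires as soon as the broken image fails to load. Escaping works when you must build markup from strings, but assigning `textContent` is the simpler fix because there is no HTML parser in the path at all.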