https://www.zenedge.com/blog/the-hidden-dangers-of-client-side-content-injection

THE HIDDEN DANGERS OF CLIENT SIDE CONTENT INJECTION FROM LEAD SOFTWARE QUALITY ASSURANCE ENGINEER & FIREWALL AS A SERVICE (FAAS) EXPERT
Introduction: Most endeavours people undertake are subject to the 80/20 principle, sometimes referred to as "the vital few and the trivial many". Web application security can be said to follow it too: most attacks can be dodged by hiding error messages and infrastructure information, getting authentication and session management right, and following the secure development cheat sheets that abound on the internet - the vital few. Putting a Web Application Firewall (WAF) in front of your backend web server brings you to the home stretch (well, almost... but not quite). One vulnerability class is immune to conventional WAF detection and prevention mechanisms and is regularly encountered on the internet: DOM-based Cross-Site Scripting (XSS) that leverages the URL anchor, a.k.a. the fragment identifier (#). The reason is structural rather than a matter of signatures: browsers never transmit the fragment to the server, so a payload placed after the # travels only inside the victim's browser, and a WAF inspecting the HTTP request has nothing to inspect. The payload is instead consumed by client-side JavaScript that reads location.hash and writes it into a dangerous sink such as innerHTML, document.write() or eval(). In this sense it is the "hidden", the "sometimes forgotten", part of those "20%" that has the potential to bring you "80%" of your problems [1].

MINDAUGAS BERNATAVICIUS
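The blind spot described above, shown as an added example that is not code from the Zenedge article or its author: a fragment-driven page simulated in Node.js, with a small object standing in for a DOM element so it runs offline. The vulnerable handler decodes location.hash into innerHTML; the hardened one writes through textContent behind an allowlist, and an escape helper covers the case where markup insertion cannot be avoided. The function names (requestTargetFor, decodeFragment, renderVulnerable, renderHardened, escapeHtml), the allowlist pattern and the example URL are assumptions made for this illustration.

```javascript
// Added example, not from the Zenedge article: DOM-based XSS via the URL
// fragment, simulated in Node.js. A tiny object stands in for a DOM element
// so the sinks can be observed without a browser. All names are hypothetical.

// Stand-in for a DOM element: innerHTML is an HTML sink, textContent is not.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// What the browser puts in the HTTP request line: path and query only.
// RFC 3986 fragments are never sent, so a server-side WAF never sees them.
function requestTargetFor(urlString) {
  const u = new URL(urlString);
  return u.pathname + u.search;
}

// Decode the fragment the way many single-page apps do. Browsers percent-encode
// characters such as '<' and ' ' in location.hash, so apps decode it, and that
// decode is exactly what reconstitutes the attacker's markup.
// Malformed escapes make decodeURIComponent throw; treat that as an empty value.
function decodeFragment(hash) {
  const raw = hash.startsWith('#') ? hash.slice(1) : hash;
  try {
    return decodeURIComponent(raw);
  } catch (e) {
    return '';
  }
}

// VULNERABLE: fragment -> HTML sink. The payload is parsed as markup and any
// event handler inside it runs in the page's origin.
function renderVulnerable(hash, el) {
  const section = decodeFragment(hash);
  el.innerHTML = '<h1>' + section + '</h1>';
  return el.innerHTML;
}

// HARDENED: accept only what a section name can legitimately be (assumed
// allowlist), and write it through a text sink so that even an unexpected
// value can never become markup.
const SECTION_NAME = /^[A-Za-z0-9 _-]{0,64}$/;
function renderHardened(hash, el) {
  const section = decodeFragment(hash);
  el.textContent = SECTION_NAME.test(section) ? section : '';
  return el.textContent;
}

// If inserting markup is unavoidable, HTML-encode the untrusted part first.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Demo on a constructed URL: the part after '#' never reaches the server.
function demo() {
  const attackUrl =
    'https://shop.example/catalog.html?cat=shoes#<img src=x onerror=alert(document.cookie)>';
  const hash = new URL(attackUrl).hash; // percent-encoded by the URL parser
  console.log('server/WAF sees :', requestTargetFor(attackUrl));
  console.log('browser hash    :', hash);
  console.log('vulnerable sink :', renderVulnerable(hash, makeElement()));
  console.log('hardened sink   :', JSON.stringify(renderHardened(hash, makeElement())));
  console.log('escaped         :', escapeHtml(decodeFragment(hash)));
}

demo();
```

Run it with `node` and compare the first two lines of output: the request target a WAF could inspect carries only the path and query, while the fragment, with the payload, exists only in the browser. The fix is therefore client-side: choose a non-HTML sink, constrain the value to what the page actually needs, and encode when markup is unavoidable.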