FrameJammer DOM based XSS

Author: Hal Pawluk
Software Description: FrameJammer is a small piece of JavaScript that prevents framed pages from being opened outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension; nowadays web developers spread it by copy-paste.

FrameJammer does not validate user input (window.location) and therefore contains a DOM-based XSS vulnerability.
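The advisory does not include FrameJammer's source, so the following is an added example, not FrameJammer's code: a sketch of how a frameset page can validate the part of window.location it uses before loading it into a frame. It assumes the target page arrives in a hypothetical `page` query parameter, and the names `safeFramePath`, `loadFrame`, `FALLBACK` and the frame id `content` are illustrative.

```javascript
// Added example (hypothetical names, not FrameJammer's own code).
// Assumption: the frameset page is opened as index.html?page=/docs/intro.html
// and must load that page into its content frame.

const FALLBACK = "/home.html"; // assumed default content page

// Constructed sample query strings (not taken from the advisory).
const SAMPLES = [
  "?page=/docs/intro.html",       // same-origin document: accepted
  "?page=//other.example/x.html", // different host: rejected
  "?page=javascript:void(0)",     // non-http scheme: rejected
];

// Return a same-origin path that is safe to use as a frame src, or FALLBACK.
function safeFramePath(search, origin) {
  const raw = new URLSearchParams(search).get("page");
  if (!raw) return FALLBACK;
  let url;
  try {
    url = new URL(raw, origin); // relative values resolve against our own origin
  } catch (e) {
    return FALLBACK;
  }
  // Other schemes (javascript:, data:) and other hosts have a different origin.
  if (url.origin !== origin) return FALLBACK;
  // Allow only plain .htm/.html paths; markup characters are percent-encoded
  // by the URL parser and therefore fail this pattern.
  if (!/^\/[A-Za-z0-9._\/-]*\.html?$/.test(url.pathname)) return FALLBACK;
  return url.pathname;
}

// Set the attribute through the DOM rather than writing markup built from the
// URL, so the value is never parsed as HTML. Returns the src that was applied.
function loadFrame(doc, loc) {
  const frame = doc.getElementById("content"); // assumed frame id
  frame.setAttribute("src", safeFramePath(loc.search, loc.origin));
  return frame.getAttribute("src");
}
```

In a browser this would be called as `loadFrame(document, window.location)` from the frameset page.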


I did not contact the author. His website is down and I am not in possession of his contact information.
