1. Open redirection
  2. Client-side XPath injection
  3. Ajax request-header manipulation
  4. Denial of service
  5. Client-side JSON injection
  6. Cookie manipulation
  7. Web message manipulation
  8. DOM-data manipulation
  9. JavaScript injection
  10. Document-domain manipulation
  11. Prototype Pollution
  12. WebSocket-URL poisoning
  13. DOM XSS
  14. Link manipulation
  15. Local file-path manipulation
  16. Client-side SQL injection
  17. HTML5-storage manipulation
  18. eval()
    1. setTimeout()
    2. setInterval()
    3. setImmediate()
    4. execCommand()
    5. execScript()
    6. msSetImmediate()
    7. range.createContextualFragment()
    8. crypto.generateCRMFRequest()
    9. Function()
  19. document.cookie
  20. sessionStorage
    1. sessionStorage.setItem()
    2. localStorage.setItem()
    3. indexedDB.open()
  21. executeSql()
  22. FileReader.readAsDataURL()
    1. FileReader.readAsArrayBuffer()
    2. FileReader.readAsBinaryString()
    3. FileReader.readAsFile()
    4. FileReader.readAsText()
    5. FileReader.root.getFile()
    6. FileReader.root.getFile()
  23. element.href
    1. element.src
    2. element.action
  24. extend + Merge
    1. location.href
    2. document.referrer
    3. location.search
    4. location.hash
  25. RegExp()
    1. requestFileSystem()
  26. document.write()
    1. document.writeln()
    2. document.domain
    3. element.innerHTML
    4. element.outerHTML
    5. element.insertAdjacentHTML
    6. element.onevent
    7. jQuery add()
    8. jQuery after()
    9. jQuery append()
    10. jQuery animate()
    11. jQuery insertAfter()
    12. jQuery insertBefore()
    13. jQuery before()
    14. jQuery html()
    15. jQuery prepend()
    16. jQuery replaceAll()
    17. jQuery replaceWith()
    18. jQuery wrap()
    19. jQuery wrap()
    20. jQuery wrapInner()
    21. jQuery wrapAll()
    22. jQuery has()
    23. jQuery constructor()
    24. jQuery init()
    25. jQuery index()
    26. jQuery jQuery.parseHTML()
    27. jQuery $.parseHTML()
  27. document.domain
  28. location
    1. window.location
    2. location.host
    3. location.hostname
    4. location.href
    5. location.pathname
    6. location.search
    7. location.protocol
    8. location.assign()
    9. location.replace()
    10. open()
    11. element.srcdoc
    12. XMLHttpRequest.open()
    13. XMLHttpRequest.send()
    14. jQuery.ajax()
    15. $.ajax()
  29. document.evaluate()
    1. element.evaluate()
  30. postMessage()
  31. element.setAttribute()
    1. script.src
    2. script.text
    3. script.textContent
    4. script.innerText
    5. element.setAttribute()
    6. element.search
    7. element.text
    8. element.textContent
    9. element.innerText
    10. element.outerText
    11. element.value
    12. element.name
    13. element.target
    14. element.method
    15. element.type
    16. element.backgroundImage
    17. element.cssText
    18. element.codebase
    19. document.title
    20. document.implementation.createHTMLDocument()
    21. history.pushState()
    22. history.replaceState()
  32. JSON.parse()
    1. jQuery.parseJSON()
    2. $.parseJSON()
  33. XMLHttpRequest.open()
    1. XMLHttpRequest.setRequestHeader()
    2. XMLHttpRequest.send()
    3. jQuery.globalEval()
    4. $.globalEval()
  34. WebSocket ()
  35. @infosec_90