
Add 29 DOM XSS test cases covering diverse client-side injection patterns #11

Merged
hahwul merged 2 commits into main from copilot/add-dom-xss-test-cases
Nov 15, 2025

Conversation

Contributor

Copilot AI commented Nov 15, 2025

Expands DOM XSS coverage from 6 to 35 test cases, adding various patterns from simple to advanced complexity as requested.

Changes

Simple DOM manipulation (levels 7-11, 16)

  • innerHTML/outerHTML with location.hash and query params
  • Element attribute injection (img.src, a.href)
  • innerText to script tag

Browser object reflection (levels 12-14, 26-28)

  • document.cookie, window.name, document.referrer, document.URL
  • location.search, location.pathname

Advanced injection vectors (levels 15-25, 29-35)

  • DOM APIs: insertAdjacentHTML, setAttribute, createContextualFragment, DOMParser, execCommand
  • Code execution: setTimeout/setInterval strings, Function constructor, eval template literals
  • Complex flows: JSON.parse → innerHTML, postMessage handler, multi-param concatenation, DOM clobbering
  • javascript: protocol injection

Example

Level 22 demonstrates JSON parsing vulnerability:

```crystal
Xssmaze.push("dom-level22", "/dom/level22/", "JSON.parse + innerHTML (query param)")
get "/dom/level22/" do |_|
  "<div id='output'></div>
  <script>
      const urlParams = new URL(location.href).searchParams;
      const query = urlParams.get('query');
      try {
          const data = JSON.parse(query);
          document.getElementById('output').innerHTML = data.message
      } catch(e) {
          document.getElementById('output').innerHTML = 'Invalid JSON'
      }
  </script>"
end
```

Payload: `/dom/level22/?query={"message":"<img src=x onerror=alert(1)>"}`

Coverage

  • 57% query parameter sources
  • 26% location.hash sources
  • 17% browser object/location property sources
  • 20+ distinct dangerous APIs/sinks covered
Original prompt

Let's add several DOM XSS cases. Please add them starting from very simple levels. Let's build them from a variety of patterns so that many different forms can be covered.



Co-authored-by: hahwul <13212227+hahwul@users.noreply.github.com>
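The level-22 case above pairs a query-parameter source with an `innerHTML` sink. The following is an added example, not code from the xssmaze PR or project: it reproduces that flow as a plain function and places the hardened form beside it, where the parsed JSON is shape-checked and written through `textContent` so the browser never hands the value to the HTML parser. The element argument is any DOM element in a browser; the `makeElement` stand-in, the `example.test` host and the triage helper are constructed here so the block also runs under Node.

```javascript
// Added example (not code from the xssmaze PR): the level-22 flow with its sink
// replaced, so the untrusted query value is displayed as text instead of parsed
// as HTML. Element arguments can be real DOM elements in a browser; the stand-in
// below is constructed so the block also runs under Node.

// Constructed stand-in for a DOM element: a property bag with the two sinks.
function makeElement() {
  return { innerHTML: '', textContent: '' };
}

// Same source as the PR's level 22: the `query` parameter of the page URL.
function queryFromUrl(href) {
  return new URL(href).searchParams.get('query');
}

// Level-22 behaviour as posted: data.message flows unvalidated into innerHTML,
// so markup inside the JSON string is parsed and executed by the browser.
function renderVulnerable(query, el) {
  try {
    const data = JSON.parse(query);
    el.innerHTML = data.message;
  } catch (e) {
    el.innerHTML = 'Invalid JSON';
  }
  return el.innerHTML;
}

// Hardened variant: validate the parsed shape, then write through textContent.
// textContent never invokes the HTML parser, so "<img ...>" is shown literally.
function renderSafe(query, el) {
  let message = 'Invalid JSON';
  try {
    const data = JSON.parse(query);
    // JSON.parse also yields arrays, numbers, strings and null; accept only
    // an object whose message is a string, otherwise treat it as invalid.
    if (data !== null && typeof data === 'object' && typeof data.message === 'string') {
      message = data.message;
    }
  } catch (e) {
    // keep the 'Invalid JSON' default
  }
  el.textContent = message;
  return el.textContent;
}

// Triage helper (constructed): would this query value have delivered markup to
// the HTML sink through the vulnerable flow? Handy when reviewing request logs.
function reachesHtmlSinkWithMarkup(query) {
  const el = makeElement();
  renderVulnerable(query, el);
  return /<\s*[a-z]/i.test(el.innerHTML);
}

// Constructed sample: the PR's own level-22 payload on a placeholder host.
const SAMPLE_URL = 'https://example.test/dom/level22/?query={"message":"<img src=x onerror=alert(1)>"}';

if (typeof document === 'undefined') {
  const q = queryFromUrl(SAMPLE_URL);
  console.log('vulnerable sink received:', renderVulnerable(q, makeElement()));
  console.log('hardened sink received:  ', renderSafe(q, makeElement()));
  console.log('markup reached innerHTML:', reachesHtmlSinkWithMarkup(q));
}
```

In a page, the hardened call is `renderSafe(queryFromUrl(location.href), document.getElementById('output'))`; the shape check matters because `JSON.parse` happily returns arrays, numbers and `null`, and an `innerHTML` write of `undefined` or a non-string silently becomes the string form of that value.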
Copilot AI changed the title from "[WIP] Add multiple DOM XSS test cases with various patterns" to "Add 29 DOM XSS test cases covering diverse client-side injection patterns" on Nov 15, 2025
Copilot AI requested a review from hahwul November 15, 2025 12:27
@hahwul hahwul marked this pull request as ready for review November 15, 2025 12:42
@hahwul hahwul merged commit 07d7c5d into main Nov 15, 2025
1 check passed
@hahwul hahwul deleted the copilot/add-dom-xss-test-cases branch November 15, 2025 12:44