DOM XSS

TL;DR: XSS through client-side JS sinks (innerHTML, eval, document.write) rather than the server response.

Stub — to be filled in.

What it is

TODO

Preconditions / where it applies

TODO

Technique

TODO

Detection and defence

TODO

References

https://portswigger.net/web-security/cross-site-scripting/dom-based