DOM XSS
DOM XSS vulnerabilities exist when JavaScript reads attacker-controllable data and passes it to a dangerous sink.
Common sources
location.hashlocation.searchdocument.referrerpostMessagedata
Common sinks
innerHTMLdocument.writeeval
Use the xsspayloads playground to test payloads in isolated contexts.