Source \ Sink | Server-sideUnsafe handling of data server-side | Client-sideUnsafe handling in javascript |
---|---|---|
ReflectedUntrusted data is part of request | Reflected XSS | Reflected DOM-based XSS |
StoredUntrusted data is stored server side | Persistent XSS | Stored DOM-based XSS |
BrowserUntrusted data is never sent to server | - | DOM-based XSS |