Prevent DOM-based cross-site scripting vulnerabilities with Trusted Types Stay organized with collections Save and categorize content based on your preferences. DOM-based cross-site scripting (DOM XSS) happens when data from a user-controlled source (like a username, or a redirect URL taken from the URL fragment) reaches a sink, which is a function like eval() or a property setter like .innerHTML