Add protection against DOM Clobbering to resolve OWASP#1733
tghosth authored and elarlang committed Nov 9, 2023
1 parent 6960254 commit 5004230
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions 5.0/en/0x18-V10-Malicious.md
@@ -53,10 +53,12 @@ Complying with this section is likely to be operational and continuous.
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **10.4.1** | Verify that the application explicitly ensures that variables are of the correct type and performs strict equality and comparator operations to avoid type juggling or confusion vulnerabilities caused by the application code making an assumption about a variable type. |||| 843 |
| **10.4.2** | Verify that the application avoids DOM clobbering when using client-side JavaScript by employing explicit variable declarations, performing strict type checking, avoiding storing global variables on the document object, and implementing namespace isolation. | ||| 79 |

## References

For more information, see also:

* [Hostile Subdomain Takeover, Detectify Labs](https://labs.detectify.com/2014/10/21/hostile-subdomain-takeover-using-herokugithubdesk-more/)
* [Hijacking of abandoned subdomains part 2, Detectify Labs](https://labs.detectify.com/2014/12/08/hijacking-of-abandoned-subdomains-part-2/)
* [Reference on Protecting against DOM Clobbering](https://domclob.xyz/domc_wiki/indicators/patterns.html#secure-patterns--guidelines)
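
Review bot: The new 10.4.2 row bundles four separate mitigations into one requirement (explicit variable declarations, strict type checking, no globals on the document object, namespace isolation), which makes it hard to verify as a single pass/fail item. Consider stating the outcome to verify and moving the individual techniques to guidance. The phrase "avoiding storing global variables on the document object" names only `document`, while named elements are also exposed as properties of `window`, so the wording should cover both. The CWE column maps the row to 79; please confirm that is the intended mapping, since the description is about named-element collisions rather than script injection as such. The L1/L2/L3 cells of the added row are also spaced differently from 10.4.1 (`| |||` versus `||||`), and the new reference link title would be clearer if it named the source, as the two Detectify entries above it do.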
