In this section, we'll describe DOM-based denial-of-service vulnerabilities, look at which sinks can lead to this kind of vulnerability, and discuss ways to reduce your exposure to DOM-based DOS attacks.
DOM-based denial-of-service vulnerabilities arise when a script passes attacker-controllable data in an unsafe way to a problematic platform API, such as an API whose invocation can cause the user's computer to consume excessive amounts of CPU or disk space. This may result in side effects if the browser restricts the functionality of the website, for example, by rejecting attempts to store data in
localStorage or killing busy scripts.
The following are some of the main sinks can lead to DOM-based denial-of-service vulnerabilities:
In addition to the general measures described on the DOM-based vulnerabilities page, you should avoid allowing data from any untrusted source to dynamically pass data into problematic platform APIs.