The logic behind DOM XSS is that input from a user-controlled source reaches an execution point, the sink.
This attack can be considered riskier, and it can cause more damage. In the example of a DOM-based XSS attack, however, there is no malicious script inserted as part of the page. This will solve the problem, and it is the right way to remediate DOM-based XSS vulnerabilities.
A DOM-based XSS attack is possible if the web application writes data to the Document Object Model without proper sanitization. For example, if you want to use user input to write into a div element, don't use innerHTML; use innerText or textContent instead.
For example, it may be a script sent to the user in a malicious email, where the victim may click the fake link. What you need to understand, though, is that DOM XSS appears when a source that can be controlled by the user is used in a dangerous sink.
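The source-to-sink rule above can be turned into a simple code-review check. The following is an added example, not code from the original page: a line-based heuristic that flags lines where a user-controllable source reaches a dangerous sink. The function name findDomXssFlows, the source and sink lists, and the sample script are assumptions made for illustration.

```javascript
// Added example: line-based source-to-sink heuristic (not a real JS parser).
// User-controllable DOM sources and HTML/script execution sinks (assumed lists).
const SOURCES = /\b(?:location\.(?:hash|search|href)|document\.(?:URL|referrer)|window\.name)\b/;
const SINKS = /\.(?:innerHTML|outerHTML)\s*\+?=(?!=)|\bdocument\.write(?:ln)?\s*\(|\beval\s*\(|\.insertAdjacentHTML\s*\(/;
const ASSIGN = /^\s*(?:const|let|var)?\s*([A-Za-z_$][\w$]*)\s*=(?!=)\s*(.+)$/;

function findDomXssFlows(code) {
  const tainted = new Set(); // variables currently holding source-derived data
  const findings = [];
  // True if the expression reads a source directly or through a tainted variable.
  const usesTaint = (expr) =>
    SOURCES.test(expr) ||
    [...tainted].some((v) =>
      new RegExp("(?<![\\w$.])" + v.replace(/\$/g, "\\$&") + "(?![\\w$])").test(expr));

  code.split("\n").forEach((line, i) => {
    const sink = line.match(SINKS);
    if (sink) {
      // Everything after the sink token is what gets written or executed.
      const written = line.slice(sink.index + sink[0].length);
      if (usesTaint(written)) findings.push({ line: i + 1, text: line.trim() });
      return;
    }
    const m = line.match(ASSIGN);
    if (m) {
      // Propagate taint through plain assignments; a clean reassignment clears it.
      if (usesTaint(m[2])) tainted.add(m[1]);
      else tainted.delete(m[1]);
    }
  });
  return findings;
}

// Constructed sample input (hypothetical page script).
const SAMPLE = [
  'const name = decodeURIComponent(location.hash.slice(1));',
  'const greeting = "Hello " + name;',
  'document.getElementById("out").innerHTML = greeting;   // flagged: HTML sink',
  'document.getElementById("out").textContent = greeting; // safe: treated as text',
  'const title = "Welcome";',
  'document.getElementById("hdr").innerHTML = title;      // constant value',
].join("\n");

console.log(findDomXssFlows(SAMPLE)); // reports only line 3
```

Because the check works line by line, it misses flows through function calls or object properties; treat a clean result as a prompt for manual review, not proof of safety.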