I study types of xss.Now I’ve stopped at XSS DOM.
I'm testing everything on the updated dvwa(Damn Vulnerable Web Application).
www.xss/com/default=123% 253Cscript% 253Ealert('XSS')% 253C% 252Fscript% 253E
There is no need to do anything on the server side because the protection mechanism is on the client side.
Advise the methods of operation or in what direction to move?