Guida pratica al DOM XSS: source, sink, location.hash, innerHTML, eval, postMessage, DOM Invader, SPA React/Vue/Angular e analisi client-side nel pentest.