Use of document.domain
What does this mean?
What can happen?
Document domain manipulation occurs when a script sets the document.domain attribute using attacker-controllable data. An attacker might use the flaw to create a URL that, when visited by another application user, causes the response page to set an arbitrary document.domain value.
The best strategy to avoid DOM-based document domain manipulation vulnerabilities is to avoid dynamically setting the document.domain attribute with data from any untrusted source. If the document.domain attribute must be set programmatically from client-side code, the application should use a specified list of allowed values and assign only from that list.
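The allow-list approach described above, next to the pattern it replaces, as an added example that is not code from the original page. The `domain` query parameter, the function names and the `example.com` values are assumptions chosen for illustration; `doc` and `loc` stand in for `document` and `location` so the logic can also run outside a browser.

```javascript
// Added example: all names and domain values below are constructed, not from the page.
// Fixed set of values the application is willing to assign to document.domain.
const ALLOWED_DOMAINS = Object.freeze(["example.com", "app.example.com"]);

// Pattern to avoid: a URL parameter flows straight into document.domain.
// (Browsers also reject values that are not a suffix of the current host,
// but a parent domain chosen by the URL's author would still be accepted.)
function setDomainUnsafe(doc, loc) {
  const requested = new URLSearchParams(loc.search).get("domain");
  if (requested) doc.domain = requested; // value chosen by whoever built the URL
}

// Hardened: untrusted input is only a lookup key. The value that gets assigned
// is the allow-list entry itself, never the request string.
function resolveAllowedDomain(requested, hostname) {
  if (typeof requested !== "string") return null;
  const candidate = requested.trim().toLowerCase();
  const match = ALLOWED_DOMAINS.find((d) => d === candidate);
  if (!match) return null;
  // An entry is only usable if it is the current host or a parent of it.
  const host = String(hostname).toLowerCase();
  if (host !== match && !host.endsWith("." + match)) return null;
  return match;
}

function setDomainSafe(doc, loc) {
  const requested = new URLSearchParams(loc.search).get("domain");
  const value = resolveAllowedDomain(requested, loc.hostname);
  if (value !== null) doc.domain = value; // otherwise leave document.domain untouched
  return value;
}
```

In a page, call `setDomainSafe(document, location)`; a `null` return means the request was ignored and is worth logging.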