Concerning DOM XSS (Document Object Model (DOM)-based Cross Site Scripting (XSS)) vulnerability detection in Web client, a detection algorithm for DOM XSS vulnerability based on dynamic taint analysis was proposed. By constructing DOM model and modifying Firefox SpiderMonkey script engine, a dynamic taint analysis method based on the bytecode was used to detect DOM XSS vulnerabilities. First, taint data was marked by extending the attribute of the DOM object class and modifying the string encoding format of SpiderMonkey. Then, the execution route of the bytecode was traversed to generate the tainted data set. After that, all the output points which might trigger DOM XSS attacks were monitored to determine whether the application contained the DOM XSS vulnerabilities. In the experiment, a DOM XSS vulnerability detection system containing a crawler was designed and implemented. The experimental results show that the proposed algorithm can effectively detect the DOM XSS vulnerabilities, and the detection rate is about 92%.