DOM-based XSS is so poorly documented. I already know what is mirrored and stored by XSS.
Here are some good resources for him:
DOM XSS (, , "type-0 XSS" ) - XSS , DOM " " , script, " ". (HTTP , ) , , - - , DOM.
. http://www.owasp.org/index.php/DOM_Based_XSS
, , GET, URL-, - , .
Good description and example in OWASP