Untrusted Types for DevTools in Chrome with OffiDocs

DESCRIPTION:

Run the Chrome online web store extension Untrusted Types for DevTools using OffiDocs Chromium online.

Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.

A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.

write.

This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.

Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.

You can then find the stack trace of a specific log: 1.

Click to copy the ID, 2.

Open Console>Filter and paste the ID, 3.

Now you can inspect the stack trace.

Click on the function name to open it in the Sources tab.

Additional Information:

- Offered by Thomas Orlita
- Average rating : 5 stars (loved it)
- Developer This email address is being protected from spambots. You need JavaScript enabled to view it.

Untrusted Types for DevTools web extension integrated with the OffiDocs Chromium online