Untrusted Types for DevTools
Extended version of the original untrusted-types extension with new features:
- User interface in Chrome DevTools
- Filter by sink type / code
- Preserve/clear log
- Syntax highlighted input code
- Modify settings
Description
Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities. A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This Chrome extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (default: "d0mxss") found in input passed to a sink are highlighted in the extension and in the console.
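
The sketch below is an added example, not the extension's own code. It shows one way to log sink inputs and flag the keyword, assuming a Trusted Types default policy as the hook (this only fires when the page enforces Trusted Types via the CSP directive `require-trusted-types-for 'script'`). The names `recordSink`, `filterLog`, `installLogger` and `sinkLog` are hypothetical.

```javascript
// Added example: log values reaching DOM sinks and flag a marker keyword.
const KEYWORD = "d0mxss"; // default keyword named on this page
const sinkLog = [];       // hypothetical in-memory log

// Called by the browser as (input, typeName, sinkName) for a default policy.
function recordSink(input, type, sink) {
  const value = String(input);
  const entry = {
    type,                    // e.g. "TrustedHTML", "TrustedScript"
    sink: sink || "unknown", // e.g. "Element innerHTML", "eval"
    input: value,
    flagged: value.toLowerCase().includes(KEYWORD),
  };
  sinkLog.push(entry);
  if (entry.flagged) {
    console.warn("[sink] keyword reached", entry.sink, "->", value);
  }
  return value; // pass through unchanged so the page keeps working
}

// Filter the log by sink type and/or a substring of the input code.
function filterLog(log, { type, text } = {}) {
  return log.filter(
    (e) => (!type || e.type === type) && (!text || e.input.includes(text))
  );
}

// Register the logger as the default policy when the API is available.
function installLogger(tt) {
  if (!tt || typeof tt.createPolicy !== "function") return false;
  tt.createPolicy("default", {
    createHTML: recordSink,
    createScript: recordSink,
    createScriptURL: recordSink,
  });
  return true;
}

// In a browser this hooks the page; elsewhere it is a no-op.
installLogger(globalThis.trustedTypes);
```

Because the policy returns the input unchanged, it only observes sink usage and does not sanitize anything.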