Abusing Trusted Types to discover XSS sinks.
Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.
A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.
You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.
Latest reviews
- (2021-08-31) Rizan Fauzi: fantastic tool! helps me display the xss dom sink in devtools console! Thanks
Statistics
Installs
1,297
history
Category
Rating
5.0 (3 votes)
Last update / version
2021-10-12 / 1.1.1
Listing languages
en