Untrusted Types for DevTools

SUMMARY

Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.

A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.

This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.

Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.

You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.

The latest version of Untrusted Types for DevTools is available on the Chrome web and is currently being used by 1,000 active users. The initial version was launched on 2021-01-22.

HOW TO INSTALL Untrusted Types for DevTools FROM A CRX FILE

1. Download Untrusted Types for DevTools CRX file
2. NOTE: Sometimes the browser may block downloading / installing CRX file from outside the Chrome Web Store. If so, you may need to download the ZIP file instead
3. In the URL bar, go to chrome://extensions
4. Enable Developer mode

Ratings

USER REVIEWS (0)