Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.
A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.
You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.
Extore is a team of professionals who are passionate about creating extensions for web browsers. This devotion also gives us opportunity to appreciate work of other people. We get inspired by useful, open source extensions made by developers all over the world. Our strong belief is that one should share helpful add-ons with others. That’s why we’d like to present you our ever-growing list of favourite extensions that have inspired us. Moreover, as you probably have already learned, sometimes struggling for the best brings an end to the good. Talking about add-ons it often turns out that an upgrade is worse then previous version. Also it can become really tricky to get back to the beloved version of your favourite extension. That’s why we’re going to make not only the latest, but all versions of our favourite (and we hope yours too) add-ons available for download. No more compromises, just stick to the version you really like!