Untrusted Types for DevTools
Abusing Trusted Types to discover XSS sinks.
What is Untrusted Types for DevTools?
Stats
Chrome-Stats Rank
Other platforms
Summary
Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.
A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.
This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.
Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.
You can then find the stack trace of a specific log:
- Click to copy the ID,
- Open Console>Filter and paste the ID,
- Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.
User reviews
Safety
Risk impact
Untrusted Types for DevTools is risky to use as it requires a number of sensitive permissions that can potentially harm your browser and steal your data. Exercise caution when installing this extension. Review carefully before installing. We recommend that you only install Untrusted Types for DevTools if you trust the publisher.
Risk likelihood
Untrusted Types for DevTools has earned a good reputation and can be trusted.
Screenshots
Similar extensions
Here are some Chrome extensions that are similar to Untrusted Types for DevTools: