Chrome extension for identifying insecure code
In a bid to help developers keep their websites clear of security holes, Google has built – and offered for free – a (currently experimental) Chrome extension called DOM Snitch.
The extension intercepts potentially dangerous JavaScript calls. “Once a JavaScript call has been intercepted, DOM Snitch records the document URL and a complete stack trace that will help assess if the intercepted call can lead to cross-site scripting, mixed content, insecure modifications to the same-origin policy for DOM access, or other client-side issues,” explains Radoslav Vasilev on Google’s Online Security blog.
Sounds like a good tool for all developers, but especially for those who are still unsure of their JavaScript coding capabilities and wish to be sure they are writing secure code.
By using it, developers can not only monitor DOM modifications as they happen inside the browser, but also export the captured modifications to share and discuss them with co-workers.
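The hook-and-record idea described above (intercept a risky call, then log the document URL and a stack trace), sketched as an added illustration; this is not DOM Snitch's source code or Google's. All names (hookMethod, hookSetter, records, fakeDoc) are hypothetical, and fakeDoc is a constructed stand-in for a page's document so the sketch runs outside a browser.

```javascript
// Added illustration of the hook-and-record pattern; not DOM Snitch's code.
const records = [];

function record(kind, name, value, url) {
  // Error().stack shows the call path that reached the hooked sink;
  // slice(2) drops the "Error" header line and this function's own frame.
  const stack = new Error().stack.split("\n").slice(2).map((s) => s.trim());
  records.push({ kind, name, value: String(value), url, stack });
}

// Wrap a method (e.g. document.write): log each call, then forward it.
function hookMethod(obj, name, getUrl) {
  const original = obj[name];
  obj[name] = function (...args) {
    record("call", name, args.join(""), getUrl());
    return original.apply(this, args);
  };
}

// Wrap a property (e.g. document.domain): log each assignment, then apply it.
function hookSetter(obj, name, getUrl) {
  // Walk the prototype chain, since DOM accessors usually live on a prototype.
  let owner = obj, desc;
  while (owner && !(desc = Object.getOwnPropertyDescriptor(owner, name))) {
    owner = Object.getPrototypeOf(owner);
  }
  let stored = desc && "value" in desc ? desc.value : undefined;
  Object.defineProperty(obj, name, {
    configurable: true,
    get() { return desc && desc.get ? desc.get.call(this) : stored; },
    set(v) {
      record("set", name, v, getUrl());
      if (desc && desc.set) desc.set.call(this, v); else stored = v;
    },
  });
}

// Constructed stand-in document (assumption: not a real browser object).
const fakeDoc = {
  URL: "https://app.example.test/profile",
  domain: "app.example.test",
  written: [],
  write(html) { this.written.push(html); },
};
hookMethod(fakeDoc, "write", () => fakeDoc.URL);
hookSetter(fakeDoc, "domain", () => fakeDoc.URL);

// Constructed page code that reaches both hooked sinks.
function renderGreeting(name) { fakeDoc.write("<p>Hello " + name + "</p>"); }
renderGreeting("<img src=x>"); // unescaped markup reaching document.write
fakeDoc.domain = "example.test"; // a same-origin policy modification
```

Each entry in records names the sink, the value that reached it, the page URL and the calling frames, and JSON.stringify(records) gives an export that can be handed to a colleague for review.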