untrusted-types icon indicating copy to clipboard operation
untrusted-types copied to clipboard
verified publisher icon filedescriptor

Notifications when a keyword is found

Open 0xblackbird opened this issue 3 years ago • 1 comments

Hello

I've been using this tool for quite a while now, and one thing that I feel is missing, is a notification once one of the predefined keywords are detected by untrusted-types. It would be extremely helpful, since untrusted-types only has an interface located in the developer tools. That way, I won't have to keep checking, or leave the developer tools open while looking for potential dom-based cross-site scripting issues.

Thanks!

0xblackbird avatar Jul 04 '22 18:07 0xblackbird

I've created a pull request that takes care of this issue: #11 Below is a screenshot that displays the notification once something is injected (don't mind the webpage's title :wink:): notification

If possible, we can further enhance the notification (by for example, displaying a more verbose message, or even for some cases a proof of concept link??)

0xblackbird avatar Jul 04 '22 20:07 0xblackbird