Icon of program: DOM Snitch

DOM Snitch for Webware

Download now

Used DOM Snitch for Webware?

DOM Snitch Analysis

AI Assisted Content ·

Not written by CNET Staff.

DOM Snitch is a free browser add-on designed to enhance web security by monitoring and reporting suspicious activity within web applications. This tool primarily focuses on tracking Document Object Model (DOM) manipulations, which can help users identify potential vulnerabilities in web pages. By providing real-time alerts and detailed logs, it aims to assist developers and security enthusiasts in safeguarding their online experiences.

Top Recommended Alternative

The add-on operates seamlessly within popular web browsers, integrating with existing web development workflows. DOM Snitch's user-friendly interface allows for easy navigation through its features, including customizable settings for alert levels and reporting options. This flexibility enables users to tailor the monitoring process to their specific needs, making it a valuable resource for those concerned with web application security.

Icon of program: DOM Snitch

DOM Snitch for Webware

Download now

Used DOM Snitch for Webware?

Explore More

Full Specifications

GENERAL
Release
Latest update
Version
0
OPERATING SYSTEMS
Platform
Webware
Additional Requirements
None
POPULARITY
Total Downloads
1,790
Downloads Last Week
0
Report Software

Program available in other languages

Last Updated

Developer’s Description

By Google
Identify common unsecure practices and gain better understanding of transformations within the DOM.

What is DOM Snitch?

DOM Snitch is an experimental Chrome extension that enables non-security testers identify common bad practices when producing client-side code and security testers gain better understanding of the transformations that occur within the DOM.

Current capabilities

Ability to listen to DOM modification and collect debug data about those modifications

Ability to sort and group collected information as means to simplify the analysis process of this data

Ability to passively detect and mark as errors or warnings some easy to spot security issues, including:

Uses of user-controlled data that comes from either URL, referrer, or cookies while constructing DOM where the data is also checked for containing HTML escape characters (i.e. "')

Uses of scripts that are not hosted at the application's domain

Uses of scripts that would result in mixed content errors

Uses of invalid JSON syntax, resulting in the use of eval() as opposed to a much safer alternative function (e.g. JSON.parse())

Assignments of document.domain to anything but the application's original hostname value (as given by the browser at rendering time)

Ability to export all or subsets of collected data as plain text or through Google Docs

Download.com
Your review for DOM Snitch
Download.com

AI Assisted Content Disclosure

Content created and reviewed by Softonic with information obtained from Google, using AI.

CNET's editorial team was not involved in the creation of this content. Opinions, analysis and reviews were not provided by CNET.