Latest version is maintained here: https://github.com/filedescriptor/untrusted-types/
Untrusted Types is a Chrome extension that abuses Trusted Types to log DOMXSS sinks.
It's based on filedescriptor's Untrusted Types extension and adds a DevTools panel that allows for easier filtering/searching of found sinks.
npm i
npm run build
- Go to
chrome://extensions
, enable Developer mode Load unpacked
, choose thepublic
folder