False positive on all websites

ollseg / ttt-ext

Chrome extension to aid in finding DOMXSS by simple taint analysis of string values.

82 stars 12 forks source link

False positive on all websites #1

Closed Neolex-Security closed 5 years ago

Neolex-Security commented 5 years ago

HI ! I have a false positive on every site I visit when I use your extension.

VM16:55 Tainted postMessage call: [object Object], https://www.google.fr/?t4inT3d.param=t4inT3d.value%22%27%3ch1%3Elol#!//t4inT3d.hash%22'%3ch1%3Elol addWarning @ VM16:55

ollseg commented 5 years ago

Could you try disabling all other extensions to see if that has any effect?

Neolex-Security commented 5 years ago

Oh yes, I just tried to remove extensions and disable one at the time and the issue comes from "Wappalyzer"