search

swoops / eval_villain

A Firefox Web Extension to improve the discovery of DOM XSS.
GNU General Public License v3.0
249 stars 35 forks source link

[Feature Request]: Chromium support #4

Closed ItsIgnacioPortal closed 2 years ago

ItsIgnacioPortal commented 2 years ago

It'd be amazing if this had chromium support, as most other hacking add-ons are made for chromium

swoops commented 2 years ago

It'd be amazing if this had chromium support

I agree but Eval Villain relies on contentScripts.register and there is no support for that API on chrome.

If chrome gets that API I will be happy to port Eval Villain over.

Without contentScripts.register there would be a race condition between Eval Villain loading the user config and the target website executing something bad. In short, Eval Villain would miss trivial findings. I think DOM Invader avoids this race somehow by requiring the entire browser be restarted every time a configuration option is changed.

Feel free to leave this issue open in case someone else has the same idea. If someone sees that contentScripts.register has been added to chrome ping me and I will do the porting.

ItsIgnacioPortal commented 2 years ago

Got it. I'll be using DOM Invader on Chromium. It's still good that a Firefox alternative exists