Untrusted Types for DevTools

Untrusted Types for DevTools is a Chrome extension developed by Thomas Orlita. According to the data from Chrome web store, current version of Untrusted Types for DevTools is 1.1.1, updated on 2021-10-12.
1,000+ users have installed this extension. 3 users have rated this extension with an average rating of .

Abusing Trusted Types to discover XSS sinks.

Discover and test inputs passed into sinks that could lead to DOM XSS vulnerabilities.

A sink is a code pattern that could run arbitrary JavaScript code if the input is malicious, for example: innerHTML, eval, document.write.

This extension adds a panel to DevTools where you can see/filter the sink logs and customize settings.

Keywords (by default: "d0mxss") that are found to be passed in a sink will be highlighted in the extension and in console.

You can then find the stack trace of a specific log:
1. Click to copy the ID,
2. Open Console>Filter and paste the ID,
3. Now you can inspect the stack trace. Click on the function name to open it in the Sources tab.