DOM Snitch: Google's passive in-the-browser reconnaissance tool (googletesting.blogspot.com)
116 points by abraham on June 21, 2011 | 7 comments



Gmail stops working if you have DOM Snitch enabled.

I tried it but, to be honest, did not find it terribly useful. They seem to be using some very simple rules for best practices (like avoiding document.write). But it's nothing more than that (yet).


Sites might break when you have DOM Snitch enabled. You can always right-click and put it in "Standby" mode, which should solve the problem. There are at least two known issues that can cause this, listed at https://code.google.com/p/domsnitch/wiki/KnownIssues. I don't know what might be causing it to break Gmail; it could be a lab or that it simply was never tested much with Gmail.

I wouldn't really call them rules. The tool looks for use of dangerous JavaScript APIs and, when it detects them, it gives you more information, such as stack trace and arguments. That information should help someone determine if a particular use is insecure. Besides that, it has some relatively simple logic to determine if a particular usage might be a security bug or not, which is indicated through different colors.
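
An added example, not part of the comment above and not DOM Snitch's own code: a minimal sketch of the interception approach that comment describes, wrapping a method or property setter so each use is logged with its arguments and a stack trace. The names `snitch`, `makeFakeDom` and `demo`, and the "review"/"info" triage rule, are hypothetical; the fake DOM object is constructed so the code runs outside a browser.

```javascript
// Added illustration: hook a method or setter, record arguments and stack.
function snitch(target, name, log) {
  // Find the property descriptor on the object or along its prototype chain.
  let owner = target, desc;
  while (owner && !(desc = Object.getOwnPropertyDescriptor(owner, name))) {
    owner = Object.getPrototypeOf(owner);
  }
  if (!desc) throw new Error("no such property: " + name);
  const record = (kind, args) => log.push({
    api: name, kind, args: args.map(String),
    // Hypothetical triage rule: markup in an argument deserves a closer look.
    flag: args.some(a => /<[a-z!\/]/i.test(String(a))) ? "review" : "info",
    // Drop the "Error" line and the record() frame; keep the caller's frames.
    stack: new Error().stack.split("\n").slice(2).join("\n"),
  });
  if (typeof desc.value === "function") {
    const original = desc.value;
    Object.defineProperty(target, name, { ...desc, value: function (...args) {
      record("call", args);
      return original.apply(this, args); // preserve the original behaviour
    }});
  } else if (desc.set) {
    Object.defineProperty(target, name, { ...desc, set(v) {
      record("set", [v]);
      desc.set.call(this, v);
    }});
  } else {
    throw new Error(name + " is a plain data property; cannot hook");
  }
}
// Constructed stand-in for document/element objects (not a real DOM).
function makeFakeDom() {
  let html = "";
  const out = [];
  return {
    out,
    write(s) { out.push(s); },
    get innerHTML() { return html; },
    set innerHTML(v) { html = v; },
  };
}
function demo() {
  const log = [], dom = makeFakeDom();
  snitch(dom, "write", log);
  snitch(dom, "innerHTML", log);
  dom.write("hello");
  dom.innerHTML = "<img src=x>";
  return { log, dom };
}
```

In a browser the same wrapper could be pointed at `document` for `write` or at `Element.prototype` for `innerHTML`; the logged stack then shows which script reached the API.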


FWIW, Gmail does not seem to break for me when I use it there.


Does anyone have an example site they can link that will trigger DOM Snitch to do something? I've been unable to find a site that causes any visible change on the DOM Snitch tab or the offending page.


Are you sure you enabled "Passive" or "Invasive" mode and some of the modules?

Everything will be turned off when you install it. Once you change settings all new tabs will open with the new settings.


I'm going to uninstall it. I can't seem to get it to work in both my Dev and Stable channel instances (the table never updates). Also, my beloved middle mouse button behavior has changed. I hope future revisions make it worthwhile.


Tried it today. It slows down Google Chrome considerably.



