Google has this week announced, via its security blog, a new tool it has created called DOM Snitch, an experimental Chrome extension that enables developers to identify insecure practices commonly found in client-side code.
The new tool is a passive in-browser tool. Once a JavaScript call has been detected within the client-side code, DOM Snitch records the document URL and a complete stack trace, which help assess whether the intercepted call can lead to cross-site scripting, mixed content, insecure modifications to the same-origin policy for DOM access, or other client-side issues.
One of the great features of DOM Snitch is that the developer can see DOM modifications as they happen inside the browser, without needing to trawl through JavaScript code using a debugger or pause the execution of their application.
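The kind of passive interception described above (record the document URL and a stack trace when a watched call fires, then let the call proceed unchanged) can be sketched as follows. This is an added example, not DOM Snitch's own code: `hookMethod`, `classify`, the stand-in `document` object and the sample inputs are constructed for illustration, and the two triage patterns are assumptions.

```javascript
// Wrap target[name] so each call is recorded, then passed through unchanged (passive).
function hookMethod(target, name, getUrl, log) {
  const original = target[name];
  target[name] = function (...args) {
    log.push({
      sink: name,
      url: getUrl(),
      args: args.map(String),
      // Skip the "Error" header and this wrapper's frame; the trace starts at the caller.
      stack: new Error().stack.split("\n").slice(2).map((line) => line.trim()),
    });
    return original.apply(this, args);
  };
  return () => { target[name] = original; }; // call to remove the hook
}

// Triage heuristics (assumptions of this sketch, not DOM Snitch's rules).
function classify(record) {
  const issues = [];
  const text = record.args.join(" ");
  if (/<script\b|\bon\w+\s*=|javascript:/i.test(text)) issues.push("possible-xss");
  if (record.url.startsWith("https:") && /\b(?:src|href)\s*=\s*["']?http:\/\//i.test(text))
    issues.push("mixed-content");
  return issues;
}

// Constructed application code under observation (hypothetical names).
function renderGreeting(doc, name) { doc.write("<p>Hello " + name + "</p>"); }
function renderLogo(doc) { doc.write('<img src="http://cdn.example/logo.png">'); }

function runDemo() {
  const doc = { // constructed stand-in for the browser's `document`
    location: { href: "https://app.example/profile" },
    written: [],
    write(html) { this.written.push(html); },
  };
  const log = [];
  const unhook = hookMethod(doc, "write", () => doc.location.href, log);
  renderGreeting(doc, "Alice");
  renderGreeting(doc, "<img src=x onerror=alert(1)>"); // constructed test input
  renderLogo(doc);
  unhook();
  doc.write("<p>not recorded</p>"); // hook removed, so this call is not logged
  return { written: doc.written, records: log.map((r) => ({ ...r, issues: classify(r) })) };
}

console.log(JSON.stringify(runDemo().records, null, 2));
```

Each record carries the caller's stack frames, so a flagged write can be traced back to the function that issued it without pausing the application in a debugger.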