Huge thanks for this, Ivan; you've done some excellent work here (some of which 
I know was not easy) that will be useful to us and, hopefully, many others.

Cheers,

mgoodwin

----- Original Message -----
From: "Ivan Alagenchev" <alagenc...@gmail.com>
To: dev-security@lists.mozilla.org
Sent: Thursday, August 29, 2013 3:43:30 AM
Subject: java script tainting project is functionally equivalent to DOMinator

Hello Everyone,

I am pleased to announce that I have finally brought my volunteer project
that adds string taint tracking to SpiderMonkey to
functional equivalence with the community edition of the DOMinator project
https://dominator.mindedsecurity.com/.
This was the original goal when we started.

Mark Goodwin and I started this journey in December of last year and it has
been a long and difficult process.
The goal of the project was to add taint support for JSString objects in
SpiderMonkey. This can be used as the basis for a
dynamic analysis framework, which can be used to detect DOM XSS
vulnerabilities.
Here is the tracking bug for it:
https://bugzilla.mozilla.org/show_bug.cgi?id=811877.
This achievement allows us to focus on a new goal - namely to improve the
overall approach and performance of the framework,
so that it can become an integral part of SpiderMonkey one day. Jim Blandy
will assist us in this new endeavor.

There is a lot of work left ahead of us, but if you want to look through
some of the code, you can do so at
https://github.com/alagenchev/spider_monkey.

Thank you,
Ivan
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security