I've updated the README to add detailed build instructions: https://github.com/alagenchev/spider_monkey/blob/master/README.md
Ivan On Thu, Aug 29, 2013 at 11:27 AM, Ivan Alagenchev <alagenc...@gmail.com>wrote: > You are welcome. That sounds great. We don't have a UI that would make > this easy to use for your purposes yet, but that's one of the things we > plan to build on top of it. Feature requests are welcome too. > > Ivan > > > On Thu, Aug 29, 2013 at 11:20 AM, Ryan Dewhurst <ryandewhu...@gmail.com>wrote: > >> Hi Ivan, >> >> Thank you for taking the time! >> >> I would be interested in using this on my web application security >> assessments to help identify DOM based XSS. >> >> Thanks again, >> Ryan >> >> >> On Thu, Aug 29, 2013 at 5:16 PM, Ivan Alagenchev <alagenc...@gmail.com>wrote: >> >>> Hello Ryan, >>> >>> Thank you for showing interest. >>> >>> The build instructions are pretty much these here: >>> https://developer.mozilla.org/en-US/docs/SpiderMonkey/Build_Documentation >>> I use these configure commands: >>> https://github.com/alagenchev/spider_monkey/blob/master/js-1.8.5/js/src/ivan_configure_script >>> The first line is for linux, the second for mac. >>> Here is my build setup: >>> https://github.com/alagenchev/spider_monkey/blob/master/js-1.8.5/js/src/IvanBuildInstructions.txt >>> I realize that more people than just me can start looking at this, so I >>> am going to add step by step build instructions starting from a fresh >>> checkout today. I'll send you a link to the more detailed instructions when >>> I'm done with it. >>> >>> Thanks, >>> Ivan >>> >>> >>> >>> >>> On Thu, Aug 29, 2013 at 3:56 AM, Ryan Dewhurst >>> <ryandewhu...@gmail.com>wrote: >>> >>>> Hi, >>>> >>>> Is there any step by step instructions on how to build and use this for >>>> those unfamiliar with Spider Monkey? >>>> >>>> Thank you, >>>> Ryan >>>> >>>> >>>> On Thu, Aug 29, 2013 at 4:43 AM, Ivan Alagenchev >>>> <alagenc...@gmail.com>wrote: >>>> >>>>> Hello Everyone, >>>>> >>>>> I am pleased to announce that I have finally brought my volunteer >>>>> project >>>>> that adds string taint tracking to spider monkey to >>>>> functional equivalence with the community edition of the DOMinator >>>>> project >>>>> https://dominator.mindedsecurity.com/. >>>>> This was the original goal when we started. >>>>> >>>>> Mark Goodwin and I started this journey in December of last year and >>>>> it has >>>>> been a long and difficult process. >>>>> The goal of the project was to add taint support for JSString objects >>>>> in >>>>> spider monkey. This can be used as the basis for a >>>>> dynamic analysis framework, which can be used to detect DOM XSS >>>>> vulnerabilities. >>>>> Here is the tracking bug for it: >>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=811877. >>>>> This achievement allows us to focus on a new goal - namely to improve >>>>> the >>>>> overall approach and performance of the framework, >>>>> so that it can become an integral part of spider monkey one day. Jim >>>>> Blandy >>>>> will assist us in this new endeavor. >>>>> >>>>> There is a lot of work left ahead of us, but if you want to look >>>>> through >>>>> some of the code, you can do so at >>>>> https://github.com/alagenchev/spider_monkey. >>>>> >>>>> Thank you, >>>>> Ivan >>>>> _______________________________________________ >>>>> dev-security mailing list >>>>> dev-security@lists.mozilla.org >>>>> https://lists.mozilla.org/listinfo/dev-security >>>>> >>>> >>>> >>> >> > _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
