DOMLogger++ 1.0.6

@kevin-mizu kevin-mizu released this 04 Aug 19:05
· 88 commits to main since this release

Added

  • New configuration files (postMessage & leverage-xss.json) are available in the configs folder (it will be improved soon).
  • A new globals root key is associated with the domlogger.globals variable for execCode shortcuts.
  • A new onload root key is used to execute code after the extension loads.
  • New matchTrace and !matchTrace directives have been added to the config root key, allowing filtering based on the sink's stack trace (#13) (Thanks @jonathann403).
  • Hooked functions and classes are now available in domlogger.func for execCode usage to avoid DoS due to recursive hook/usage.
  • The domlogger.update.thisArg property can be used within the hookFunction directive to overwrite the thisArg value.
  • A new full-screen mode has been added in DevTools (#20) (Thanks @xanhacks).
  • New tooltips have been added to the popup and DevTools icons (#23) (Thanks @xanhacks).

Updated

  • The frames column now properly describes which frames the sink has been found in (e.g., top.frames[1].frames[0]).
  • The RegExp.prototype.toJSON method has been overwritten to properly log the regex value instead of {}.
  • Arguments passed in the exec: directive are no longer stringified, making their usage easier.
  • The exec: and hookFunction directives now have 3 parameters: thisArg, args, and target.
  • The CSPT config has been updated to work properly with the new updates.

Fixed

  • The DevTools tab should work better now; I'll aim to completely fix it in the next release.
  • Fixed a bug that was blocking URLSearchParams.prototype.get from being hooked (#15) (Thanks @matanber).
  • Stopped using crypto.subtle, which isn't exposed over HTTP (making the extension unavailable in that case) (#14) (Thanks @FeelProud).
  • The "Add Current eTLD+1" button in the popup now properly handles public eTLDs (e.g., .co.uk) and IPs (#17) (Thanks @xnl-h4ck3r).
  • Unicode characters in the config should no longer cause the extension to crash.
  • The hookFunction directive should now be working properly.
  • The extension should no longer crash if the config root key is absent.
  • The UI for the "Remove Headers" settings has been fixed (#19) (Thanks @xanhacks).