Hi, Is there any step by step instructions on how to build and use this for those unfamiliar with Spider Monkey?
Thank you, Ryan On Thu, Aug 29, 2013 at 4:43 AM, Ivan Alagenchev <alagenc...@gmail.com>wrote: > Hello Everyone, > > I am pleased to announce that I have finally brought my volunteer project > that adds string taint tracking to spider monkey to > functional equivalence with the community edition of the DOMinator project > https://dominator.mindedsecurity.com/. > This was the original goal when we started. > > Mark Goodwin and I started this journey in December of last year and it has > been a long and difficult process. > The goal of the project was to add taint support for JSString objects in > spider monkey. This can be used as the basis for a > dynamic analysis framework, which can be used to detect DOM XSS > vulnerabilities. > Here is the tracking bug for it: > https://bugzilla.mozilla.org/show_bug.cgi?id=811877. > This achievement allows us to focus on a new goal - namely to improve the > overall approach and performance of the framework, > so that it can become an integral part of spider monkey one day. Jim Blandy > will assist us in this new endeavor. > > There is a lot of work left ahead of us, but if you want to look through > some of the code, you can do so at > https://github.com/alagenchev/spider_monkey. > > Thank you, > Ivan > _______________________________________________ > dev-security mailing list > dev-security@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-security > _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
