Thanks for bringing this to dev-platform. Dynamic analysis is something the security teams are particularly interested in. Especially tainting user input is something we could make use of across the project: existing security efforts for Firefox OS, Firefox Desktop, Firefox Mobile and our websites would all greatly benefit from it, as it could help prevent Cross-Site Scripting and other content injection attacks.
Some people may know the work Stefano Di Paola has done to develop his DOM-XSS scanner "DOMinator". There's also been an attempt to develop it in-tree within the security mentorship program, but the outcome wasn't fit to be merged into moz-central (bug 811877). A Mozilla-owned API would help make all future endeavors last. I have also been in contact with folks in academia and the industry who are interested in both implementation and consumption of the API. I will make sure their attention is directed to this thread to provide additional feedback.