JS Vulnerability Detector: Enhancing Website Security with JavaScript Vulnerability Detection
JS Vulnerability Detector is a Chrome extension developed by randysekvojta. This extension is the result of a Master Thesis project at Brno University of Technology, Faculty of Information Technology, completed inThe main objective of this extension is to add security features to websites that contain vulnerable JavaScript library code.
Upon loading a webpage, JS Vulnerability Detector scans all the JavaScript code on the page and sends it to the background script for processing. If the script contains a known vulnerability, particularly focusing on jQuery, the extension tracks and displays it in the popup. Users have the option to block, patch, or simply track the vulnerable script.
All data is stored locally and can be cleared using the "Clear" button in the extension popup. There is no server communication involved, ensuring that no data leaves the browser.
JS Vulnerability Detector operates in four modes: disabled, analyze, block, and repair. In the analyze mode, only standard analysis is performed without patching or blocking vulnerable scripts. The block mode removes vulnerable scripts from the website, while the repair mode attempts to patch the vulnerabilities if possible.
Currently, the extension can detect vulnerable versions of jQuery up toand repair them by updating them at runtime. It can also detect vulnerabilities in other JavaScript libraries such as lodash, remarkjs, axios, handlebars, and more, totaling around 30 vulnerabilities.
![Icon of program: [DATA EXPUNGED]](https://images.sftcdn.net/images/t_app-icon-s/p/6a675ed4-c116-4431-a452-2317b564fb2c/2449950256/data-expunged-logo){kind=icon}
