HTML DOM Security Analyzer

Converts unsafe sinks to safe DOM API calls and traces taint from sources to sinks across files, functions, and control flow. ← Home
Mode:
Input Files
Open a folder to load files
Output Files
Converted files appear here after analysis
Open a folder or paste code directly
Taint analysis runs automatically
Derived from actual DOM / network use
fetch / XHR / WebSocket / Beacon / EventSource calls
Assumptions outside the accept set (strict/custom mode)