The DOM scanner colors sources and sinks in script lines. Moreover,
that scanner collects all colored lines:
0ecedc1bba/core/dom.py (L50)
As coloring is disabled on Windows, macOS, and iOS, no potentially
tainted lines will be collected on these platforms:
0ecedc1bba/core/colors.py (L8-L9)
Consequently, the report of potential DOM vulnerabilities is always
empty.
This change fixes this bug by surrounding sources and sinks with `*`
characters.
Also, this change removes unused colors imports.
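
An added example, not code from the project: a simplified model of the failure described in the commit message above, where a line is reported only if marking a source or sink changed it. The patterns, the `scan` function, and the sample script are assumptions constructed for illustration.

```python
import re

# Shortened source/sink patterns (assumption; the scanner's own lists are longer).
SOURCES = r"\b(?:document\.(?:URL|cookie|referrer)|location\.(?:href|search|hash)|window\.name)\b"
SINKS = r"\b(?:eval|setTimeout|setInterval|document\.write(?:ln)?|innerHTML)\b"

# ANSI escape sequences, as used when terminal coloring is enabled.
YELLOW, RED, END = "\033[93m", "\033[91m", "\033[0m"

# Constructed sample: line 1 has a source, line 3 has a sink.
SAMPLE = (
    "var q = location.hash;\n"
    "var n = 1 + 2;\n"
    "document.write(q);"
)


def scan(script, src_open, sink_open, close):
    """Wrap sources and sinks with markers and collect every line that changed.

    Hypothetical helper: detection depends on the markers being non-empty,
    which is the coupling the commit message describes.
    """
    flagged = []
    for num, line in enumerate(script.splitlines(), 1):
        marked = re.sub(SOURCES, lambda m: src_open + m.group() + close, line)
        marked = re.sub(SINKS, lambda m: sink_open + m.group() + close, marked)
        if marked != line:  # unchanged line means "nothing found"
            flagged.append("%-3s %s" % (num, marked.strip()))
    return flagged


if __name__ == "__main__":
    # Coloring enabled: both tainted lines are reported.
    print(len(scan(SAMPLE, YELLOW, RED, END)))
    # Coloring disabled (color constants are empty strings): nothing is reported.
    print(len(scan(SAMPLE, "", "", "")))
    # Platform-independent '*' markers: both lines are reported again.
    for row in scan(SAMPLE, "*", "*", "*"):
        print(row)
```

A regression check for this class of bug is to run the scanner over a known-tainted script with coloring forced off and assert that the report is non-empty.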
* Add files via upload
* Add files via upload
* Logging functionality (Resolves #146)
* Created customized logger and setup file
* Start replacing prints
* Custom StreamHandler to allow '\r' as line terminator and updated more prints
* Remove setup.py
* Logger functionality to write red lines and records without format
* Possibility to set logging level when logging without format and usage of debug level instead of verboseOutput
* Replace utils logger function calls
* Fixes
* Import missing info color
* Move xsstrike.py imports to properly initialize loggers and add logger method to debug data using json
* Minor fix