Google has a test tool released by which sites can be examined for vulnerabilities on the client-side. The tool, DOM Snitch named, intercepts javascript calls to look, for example, or cross site scripting is possible.
The newly announced tool is a Chrome extension that in real-time dom changes. This javascript calls that pose a security threat, referred to as such on a scale of green for a problem with small beveiligingsimpact to red for a real vulnerability. With the tool, among others, can vulnerabilities be identified that cross site scripting, where attackers are their own content, can load, possible.
Normally, the tool specifies a list of dom calls again if a web page is loaded, but testers can the tool also be used to make javascript calls to manipulate them before they are executed. Ironically, it contains Google Code, which the tool will be hosted, according to the tool, a number of calls that have a small influence on the security.