I'm working on a project where I want to achieve taint tracking in
Chromium. In essence, I want to be able to identify things coming from the
DOM, what might happen to them (concat, substring, etc.) and be able to
identify variables derived from them. My question in a nutshell is: how and
where are calls to the DOM implemented? I gather that v8 is provided a
context from the rendering engine and then works on that - couldn't find
the corresponding code though.
Your help is very much appreciated.