wafrift-sanitizer

Client-side sanitizer decompiler: recover the sanitizer from a JS source map, extract its allow/deny model, then L*/SFA-mine inputs that survive it. The DOM-XSS dual of the WAF decompiler.