Finding Issues

To find DOM security issues on a website, simply browse the site using the Sboxr'd Chrome.

Sboxr identifies issues passively through run-time analysis of the JavaScript that runs inside the Sboxr'd Chrome, so it can only identify issues in the sections of the site you visit and in the JavaScript code that actually executes. Browse as many sections of the site as possible, and in critical sections trigger as much of the page's functionality as possible.
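The coverage limit described above, shown in an added example: a generic illustration of run-time sink hooking, not Sboxr's own code or implementation. The fake page object, `hookedElement`, `pageScript`, `browse` and the marker value are all constructed for the demonstration, and the script runs under Node without a browser.

```javascript
// Constructed value standing in for data read from location.hash.
const HASH = "#constructed-marker-42";

// Build a fake element whose innerHTML setter is hooked, the way a
// run-time analyser observes writes to a sink as they happen.
function hookedElement(name, findings) {
  let html = "";
  return Object.defineProperty({}, "innerHTML", {
    get: () => html,
    set(value) {
      // Simplified taint check: does source data appear in the sink write?
      if (String(value).includes(HASH)) {
        findings.push({ source: "location.hash", sink: name + ".innerHTML" });
      }
      html = String(value);
    },
  });
}

// Hypothetical page script: one write on load, one inside a click handler.
function pageScript(page) {
  page.banner.innerHTML = "<b>Welcome</b>"; // constant, runs on load
  page.on("preview-click", () => {
    // Source reaches the sink only when this handler actually executes.
    page.preview.innerHTML = "Section: " + page.location.hash;
  });
}

// Load the page, perform the given user actions, return what was observed.
function browse(actions) {
  const findings = [];
  const handlers = {};
  const page = {
    location: { hash: HASH },
    banner: hookedElement("banner", findings),
    preview: hookedElement("preview", findings),
    on: (event, fn) => { handlers[event] = fn; },
  };
  pageScript(page);
  for (const action of actions) {
    if (handlers[action]) handlers[action]();
  }
  return findings;
}

console.log("load only:", browse([]));
console.log("load + click:", browse(["preview-click"]));
```

Visiting the page without clicking reports nothing, even though the source-to-sink flow exists in the code; it is recorded only once the handler has run.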

While you browse a site with Sboxr, the browsing experience might be relatively slow because of the run-time analysis Sboxr performs. The delay differs from site to site depending on various factors and can range from barely noticeable to significant.

To perform the run-time analysis, Sboxr modifies the JavaScript that is running in the page. These modifications can sometimes break the functionality of the page. These are considered functional bugs in Sboxr. If you report them to us at contact@sboxr.com, we will do our best to address them in subsequent releases of Sboxr.
