I'd be interested to see a comparison between this and the measures Microsoft has been building in since IE8. IIRC Microsoft avoided full taint checking of strings and went with an approach of just looking for reflected content.
So, an up-to-date DOMinator for Chrome but with no source code available?<p>I quite liked the discussion of issues with current XSS auditor in Chrome although I felt it was pressing the point a bit to call it "state of the art".