diff options
author | hackademix | 2019-05-28 16:48:58 +0200 |
---|---|---|
committer | hackademix | 2019-05-28 16:48:58 +0200 |
commit | 22bceb6c973a157b18c319ba7b5bdbae66fb05e3 (patch) | |
tree | 1c3cc79204f39c11a5810cab2ea09c8bf6269569 | |
parent | b935c22f55eba428684c81bc22b8069fbfbdd88b (diff) | |
download | noscript-22bceb6c973a157b18c319ba7b5bdbae66fb05e3.tar.gz noscript-22bceb6c973a157b18c319ba7b5bdbae66fb05e3.tar.xz noscript-22bceb6c973a157b18c319ba7b5bdbae66fb05e3.zip |
Further JSON reduction optimizations.
-rw-r--r-- | src/xss/InjectionChecker.js | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js index ae5fea0..32d5726 100644 --- a/src/xss/InjectionChecker.js +++ b/src/xss/InjectionChecker.js @@ -172,8 +172,7 @@ XSS.InjectionChecker = (async () => { const toStringRx = /^function\s*toString\(\)\s*{\s*\[native code\]\s*\}$/; // optimistic case first, one big JSON block - s = s.replace(/[^{"]+=/, "") - let m = s.match(/{[^]+}|\[[^]*{[^]*}[^]*\]/); + let m = s.match(/{[^]+}|\[[^=]*{[^]*}[^]*\]/); if (!m) return s; // semicolon-separated JSON chunks, like on syndication.twitter.com @@ -201,15 +200,15 @@ XSS.InjectionChecker = (async () => { let iterations = 0; while (start > -1 && end - start > 1) { expr = s.substring(start, end + 1); + if (expr === prevExpr) break; let before = s.substring(0, start); let after = s.substring(end + 1); - if (expr === prevExpr) break; iterations++; if (await this.timing.pause()) { this.log(`JSON reduction iterations ${iterations++}, elapsed ${this.timing.elapsed}, expr ${expr}`); } end = s.lastIndexOf("}", end - 1); - if (end === -1) { + if (end < start) { start = s.indexOf("{", start + 1); end = s.lastIndexOf("}"); } |