summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhackademix2019-05-28 00:48:27 +0200
committerhackademix2019-05-28 01:35:44 +0200
commit4d4fa3c6ed55469753a61d35e2112750984c2044 (patch)
tree7337597720b991079b51c774d0a1b7fdb4adf094
parent37d148e3af8f33f9a8b89ebc392b869c30dafb54 (diff)
downloadnoscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.gz
noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.xz
noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.zip
Make XSS timeouts fatal and reported.
-rw-r--r--src/xss/XSS.js3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 51216d8..5b93921 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -58,7 +58,7 @@ var XSS = (() => {
data = [];
} catch (e) {
error(e, "XSS filter processing %o", xssReq);
- if (e instanceof TimingException) {
+ if (e instanceof TimingException && !/\btimeout\b/i.test(e.message)) {
// we don't want prompts if the request expired / errored first
return;
}
@@ -256,6 +256,7 @@ var XSS = (() => {
let ic = new (await this.InjectionChecker)();
let {timing} = ic;
timingsMap.set(request.id, timing);
+ timing.fatalTimeout = true;
let postInjection = xssReq.isPost &&
request.requestBody && request.requestBody.formData &&