Prevent script injection from messing with content-disposition=attachment responses.

author: hackademix 2018-07-17 12:10:17 +0200
committer: hackademix 2018-07-17 12:10:17 +0200
commit: 5a60d58d247fe90ea6ff30e6789c09d5c892d80b (patch)
tree: 3d3af0b1b87e2a060790362112f33f93764fdf73 /src/lib
parent: 493d40021a8bd9178249f3e84cb411de2c2f0e54 (diff)
download: noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.tar.gz
noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.tar.xz
noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/src/lib/ContentMetaData.js b/src/lib/ContentMetaData.js
index da335ad..002a212 100644
--- a/src/lib/ContentMetaData.js
+++ b/src/lib/ContentMetaData.js
@@ -4,7 +4,7 @@ class ContentMetaData {
     let {responseHeaders} = request;
     for (let h of responseHeaders) {
       if (/^\s*Content-(Type|Disposition)\s*$/i.test(h.name)) {
-        this[h.name.split("-")[1].trim().toLowerCase()] = h.value;
+        this[RegExp.$1.toLowerCase()] = h.value;
       }
     }
   }
author	hackademix	2018-07-17 12:10:17 +0200
committer	hackademix	2018-07-17 12:10:17 +0200
commit	5a60d58d247fe90ea6ff30e6789c09d5c892d80b (patch)
tree	3d3af0b1b87e2a060790362112f33f93764fdf73 /src/lib
parent	493d40021a8bd9178249f3e84cb411de2c2f0e54 (diff)
download	noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.tar.gz noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.tar.xz noscript-5a60d58d247fe90ea6ff30e6789c09d5c892d80b.zip