authorhackademix2020-02-29 19:01:45 +0100
committerhackademix2020-02-29 19:01:45 +0100
commit9a664f7b3b6a5315983317b0e47128b809bc5531 (patch)
tree057ff4d7b4cd7c00634c2655c44774e6a9c8a01c /src/xss/Exceptions.js
parente48c2053dfef4fb9209e3d432738b8fef6b8d507 (diff)
Refactored XSS filter into an asynchronous worker to better handle DOS attempts.
Diffstat (limited to 'src/xss/Exceptions.js')
-rw-r--r--src/xss/Exceptions.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/xss/Exceptions.js b/src/xss/Exceptions.js
index 24fc480..e8db6e1 100644
--- a/src/xss/Exceptions.js
+++ b/src/xss/Exceptions.js
@@ -52,14 +52,14 @@ XSS.Exceptions = (() => {
// destination or @source matching legacy regexp
if (this.legacyExceptions &&
(this.legacyExceptions.test(unescapedDest) &&
- !this.isBadException(destObj.hostname) ||
+ !this.isBadException(xssReq.destDomain) ||
this.legacyExceptions.test("@" + unescape(srcUrl))
)) {
logEx("Legacy exception", this.legacyExceptions);
return true;
}
- if (!srcObj && isGet) {
+ if (!srcOrigin && isGet) {
if (/^https?:\/\/msdn\.microsoft\.com\/query\/[^<]+$/.test(unescapedDest)) {
return true; // MSDN from Microsoft VS
}
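Review bot: Both substituted values, `xssReq.destDomain` passed to `isBadException` and `srcOrigin` in the `!srcOrigin && isGet` guard, are defined outside this hunk, and each one gates a branch that returns true and so exempts the request from filtering. If `srcOrigin` is a serialized origin string, an opaque origin would presumably arrive as the truthy string "null", whereas the old `srcObj` was, as far as the removed line suggests, an object or nothing, so the set of requests treated as sourceless may have changed. Similarly, if `destDomain` is a registrable domain rather than the full host that `destObj.hostname` gave, `isBadException` now matches on a different granularity. I would confirm both against the `xssReq` producer and record the contract at the guard, for example `// srcOrigin is falsy only when the request has no originating document` and `// destDomain: same value isBadException was written to match (full hostname) — confirm`. The enclosing function starts and ends outside the hunk, so the rest of the exception list cannot be checked from here.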