diff options
author | hackademix | 2020-02-29 19:01:45 +0100 |
---|---|---|
committer | hackademix | 2020-02-29 19:01:45 +0100 |
commit | 9a664f7b3b6a5315983317b0e47128b809bc5531 (patch) | |
tree | 057ff4d7b4cd7c00634c2655c44774e6a9c8a01c /src/xss/Exceptions.js | |
parent | e48c2053dfef4fb9209e3d432738b8fef6b8d507 (diff) | |
download | noscript-9a664f7b3b6a5315983317b0e47128b809bc5531.tar.gz noscript-9a664f7b3b6a5315983317b0e47128b809bc5531.tar.xz noscript-9a664f7b3b6a5315983317b0e47128b809bc5531.zip |
Refactored XSS filter into an asynchronous worker to better handle DOS attempts.
Diffstat (limited to 'src/xss/Exceptions.js')
-rw-r--r-- | src/xss/Exceptions.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/xss/Exceptions.js b/src/xss/Exceptions.js index 24fc480..e8db6e1 100644 --- a/src/xss/Exceptions.js +++ b/src/xss/Exceptions.js @@ -52,14 +52,14 @@ XSS.Exceptions = (() => { // destination or @source matching legacy regexp if (this.legacyExceptions && (this.legacyExceptions.test(unescapedDest) && - !this.isBadException(destObj.hostname) || + !this.isBadException(xssReq.destDomain) || this.legacyExceptions.test("@" + unescape(srcUrl)) )) { logEx("Legacy exception", this.legacyExceptions); return true; } - if (!srcObj && isGet) { + if (!srcOrigin && isGet) { if (/^https?:\/\/msdn\.microsoft\.com\/query\/[^<]+$/.test(unescapedDest)) { return true; // MSDN from Microsoft VS } |