authorhackademix2019-05-28 16:48:58 +0200
committerhackademix2019-05-28 16:48:58 +0200
commit22bceb6c973a157b18c319ba7b5bdbae66fb05e3 (patch)
tree1c3cc79204f39c11a5810cab2ea09c8bf6269569 /src/xss/InjectionChecker.js
parentb935c22f55eba428684c81bc22b8069fbfbdd88b (diff)
Further JSON reduction optimizations.
Diffstat (limited to 'src/xss/InjectionChecker.js')
-rw-r--r--src/xss/InjectionChecker.js7
1 files changed, 3 insertions, 4 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index ae5fea0..32d5726 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -172,8 +172,7 @@ XSS.InjectionChecker = (async () => {
const toStringRx = /^function\s*toString\(\)\s*{\s*\[native code\]\s*\}$/;
// optimistic case first, one big JSON block
- s = s.replace(/[^{"]+=/, "")
- let m = s.match(/{[^]+}|\[[^]*{[^]*}[^]*\]/);
+ let m = s.match(/{[^]+}|\[[^=]*{[^]*}[^]*\]/);
if (!m) return s;
// semicolon-separated JSON chunks, like on syndication.twitter.com
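Review bot: The new array alternative `\[[^=]*{` carries no comment saying why `=` is excluded, and the existing `// optimistic case first, one big JSON block` comment does not cover it. Presumably the exclusion stands in for the dropped `s.replace(/[^{"]+=/, "")` prefix stripping, so that a bracket inside a `name[...]=` prefix cannot start the match. Because this match decides which part of the string the XSS checker treats as JSON, the intent should be written down, e.g. `// array form: no "=" between "[" and the first "{", so a bracketed parameter name is not taken as the start of the array`. The object alternative `{[^]+}` stays unguarded and greedy from the first `{` to the last `}`, so it is worth stating that this is deliberate. The enclosing function starts and ends outside the hunk.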
@@ -201,15 +200,15 @@ XSS.InjectionChecker = (async () => {
let iterations = 0;
while (start > -1 && end - start > 1) {
expr = s.substring(start, end + 1);
+ if (expr === prevExpr) break;
let before = s.substring(0, start);
let after = s.substring(end + 1);
- if (expr === prevExpr) break;
iterations++;
if (await this.timing.pause()) {
this.log(`JSON reduction iterations ${iterations++}, elapsed ${this.timing.elapsed}, expr ${expr}`);
}
end = s.lastIndexOf("}", end - 1);
- if (end === -1) {
+ if (end < start) {
start = s.indexOf("{", start + 1);
end = s.lastIndexOf("}");
}
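Review bot: The log line inside the `this.timing.pause()` branch interpolates `${iterations++}`, so the counter is bumped a second time on every pause, after the unconditional `iterations++` just above it; the reported count then overstates the work done on exactly the slow inputs it is meant to describe. Logging `${iterations}` keeps the figure accurate. Within the hunk the counter is used only for this message, and the while loop's body continues past the hunk, so whether anything bounds the number of brace pairs tried on a long, brace-heavy string cannot be confirmed from here. If nothing does, a short comment on the loop stating the intended worst case would help.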