author | hackademix | 2020-02-29 19:01:45 +0100 |
---|---|---|
committer | hackademix | 2020-02-29 19:01:45 +0100 |
commit | 9a664f7b3b6a5315983317b0e47128b809bc5531 (patch) | |
tree | 057ff4d7b4cd7c00634c2655c44774e6a9c8a01c /src/xss/InjectionChecker.js | |
parent | e48c2053dfef4fb9209e3d432738b8fef6b8d507 (diff) | |
download | noscript-9a664f7b3b6a5315983317b0e47128b809bc5531.tar.gz noscript-9a664f7b3b6a5315983317b0e47128b809bc5531.tar.xz noscript-9a664f7b3b6a5315983317b0e47128b809bc5531.zip |
Refactored XSS filter into an asynchronous worker to better handle DOS attempts.
Diffstat (limited to 'src/xss/InjectionChecker.js')
-rw-r--r-- | src/xss/InjectionChecker.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 157147e..a309891 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -1,6 +1,6 @@
-debug("Initializing InjectionChecker");
 XSS.InjectionChecker = (async () => {
 await include([
+ "/common/SyntaxChecker.js",
 "/lib/Base64.js",
 "/lib/Timing.js",
 "/xss/FlashIdiocy.js",
@@ -1031,7 +1031,7 @@ XSS.InjectionChecker = (async () => {
 return true;
 if (s.indexOf("&") !== -1) {
- let unent = Entities.convertAll(s);
+ let unent = await Entities.convertAll(s);
 if (unent !== s && await this._checkRecursive(unent, depth)) return true;
 }
@@ -1050,7 +1050,7 @@ XSS.InjectionChecker = (async () => {
 return true;
 if (/[\u0000-\u001f]|&#/.test(unescaped)) {
- let unent = Entities.convertAll(unescaped.replace(/[\u0000-\u001f]+/g, ''));
+ let unent = await Entities.convertAll(unescaped.replace(/[\u0000-\u001f]+/g, ''));
 if (unescaped != unent && await this._checkRecursive(unent, depth)) {
 this.log("Trash-stripped nested URL match!");
 return true; |
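Review bot: The two added `await Entities.convertAll(...)` calls (the `s.indexOf("&")` branch in the `@@ -1031` hunk and the trash-stripping branch in the `@@ -1050` hunk) put a possible rejection path inside the recursive check, and nothing in either hunk handles it or documents what a failed decode should mean. This page is limited to InjectionChecker.js, so whether `convertAll` now returns a promise, and whether it can reject or be cut off by a worker timeout, is not visible here; if it can, the caller has to treat that failure as a positive match rather than let the request through unfiltered. I would say so above the first call, e.g. `// convertAll is async; let a rejection propagate so the caller can fail closed`, and confirm the call site behaves that way. Both enclosing functions start and end outside their hunks.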