diff options
| author | hackademix | 2019-05-22 18:26:05 +0200 |
|---|---|---|
| committer | hackademix | 2019-05-22 18:45:34 +0200 |
| commit | 0eb42450d4f63759c0cfc61d433ffd5f9453c339 (patch) | |
| tree | e47323f3bc356943a10f88f244cb0e120e593988 /src/xss/XSS.js | |
| parent | c84673b110a3843d52ff3a531fc7593cef2b7ca3 (diff) | |
| download | noscript-0eb42450d4f63759c0cfc61d433ffd5f9453c339.tar.gz noscript-0eb42450d4f63759c0cfc61d433ffd5f9453c339.tar.xz noscript-0eb42450d4f63759c0cfc61d433ffd5f9453c339.zip | |
Removed work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 (see https://trac.torproject.org/projects/tor/ticket/29969#comment:9).
Diffstat (limited to 'src/xss/XSS.js')
| -rw-r--r-- | src/xss/XSS.js | 17 |
1 files changed, 2 insertions, 15 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js index 9c2fca3..93230cd 100644 --- a/src/xss/XSS.js +++ b/src/xss/XSS.js @@ -116,12 +116,6 @@ var XSS = (() => { if (!UA.isMozilla) return; // async webRequest is supported on Mozilla only let {onBeforeRequest} = browser.webRequest; - let {xssScanRequestBody} = ns.sync; - if (xssScanRequestBody !== this.xssScanRequestBody) { - this.stop(); - this.xssScanRequestBody = xssScanRequestBody; - } - this.xssBlockUnscannedPOST = ns.sync.xssBlockUnscannedPOST; if (onBeforeRequest.hasListener(requestListener)) return; @@ -144,9 +138,7 @@ var XSS = (() => { onBeforeRequest.addListener(requestListener, { urls: ["*://*/*"], types: ["main_frame", "sub_frame", "object"] - }, - // work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 - xssScanRequestBody ? ["blocking", "requestBody"] : ["blocking"]); + }, ["blocking", "requestBody"]); }, stop() { @@ -247,13 +239,8 @@ var XSS = (() => { ic.reset(); let postInjection = xssReq.isPost && - (XSS.xssScanRequestBody ? request.requestBody && request.requestBody.formData && - ic.checkPost(request.requestBody.formData, skipParams) - : XSS.xssBlockUnscannedPOST && - (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches - ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost")) - ); + ic.checkPost(request.requestBody.formData, skipParams); let protectName = ic.nameAssignment; let urlInjection = ic.checkUrl(destUrl, skipRx); |