Fixed searches from the url bar causing XSS warnings in the Tor Browser.

author: hackademix 2019-03-19 23:11:18 +0100
committer: hackademix 2019-03-19 23:11:18 +0100
commit: fa623fe400a5009e92f85bae213d15b589dd123f (patch)
tree: 1fa1df68a062ec5ecb1359bf95e50b62e839fad0 /src/xss/XSS.js
parent: c505c3e999cac60fe6179ddd7db5f4a49b56b7ed (diff)
download: noscript-fa623fe400a5009e92f85bae213d15b589dd123f.tar.gz
noscript-fa623fe400a5009e92f85bae213d15b589dd123f.tar.xz
noscript-fa623fe400a5009e92f85bae213d15b589dd123f.zip
1 files changed, 3 insertions, 1 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index b7bffce..6e0770b 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -245,7 +245,9 @@ var XSS = (() => {
        (XSS.xssScanRequestBody ?
           request.requestBody && request.requestBody.formData &&
             ic.checkPost(request.requestBody.formData, skipParams)
-        : XSS.xssBlockUnscannedPOST && ns.requestCan(request, "script") && _("UnscannedXPost")
+        : XSS.xssBlockUnscannedPOST &&
+          request.documentUrl && // exclude non-document POSTs, such as url bar searches
+          ns.requestCan(request, "script") && _("UnscannedXPost")
       );
 
       let protectName = ic.nameAssignment;
author	hackademix	2019-03-19 23:11:18 +0100
committer	hackademix	2019-03-19 23:11:18 +0100
commit	fa623fe400a5009e92f85bae213d15b589dd123f (patch)
tree	1fa1df68a062ec5ecb1359bf95e50b62e839fad0 /src/xss/XSS.js
parent	c505c3e999cac60fe6179ddd7db5f4a49b56b7ed (diff)
download	noscript-fa623fe400a5009e92f85bae213d15b589dd123f.tar.gz noscript-fa623fe400a5009e92f85bae213d15b589dd123f.tar.xz noscript-fa623fe400a5009e92f85bae213d15b589dd123f.zip