summaryrefslogtreecommitdiff
path: root/src/xss
diff options
context:
space:
mode:
authorhackademix2019-05-22 18:26:05 +0200
committerhackademix2019-05-22 18:45:34 +0200
commit0eb42450d4f63759c0cfc61d433ffd5f9453c339 (patch)
treee47323f3bc356943a10f88f244cb0e120e593988 /src/xss
parentc84673b110a3843d52ff3a531fc7593cef2b7ca3 (diff)
downloadnoscript-0eb42450d4f63759c0cfc61d433ffd5f9453c339.tar.gz
noscript-0eb42450d4f63759c0cfc61d433ffd5f9453c339.tar.xz
noscript-0eb42450d4f63759c0cfc61d433ffd5f9453c339.zip
Removed work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530 (see https://trac.torproject.org/projects/tor/ticket/29969#comment:9).
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/XSS.js17
1 files changed, 2 insertions, 15 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 9c2fca3..93230cd 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -116,12 +116,6 @@ var XSS = (() => {
if (!UA.isMozilla) return; // async webRequest is supported on Mozilla only
let {onBeforeRequest} = browser.webRequest;
- let {xssScanRequestBody} = ns.sync;
- if (xssScanRequestBody !== this.xssScanRequestBody) {
- this.stop();
- this.xssScanRequestBody = xssScanRequestBody;
- }
- this.xssBlockUnscannedPOST = ns.sync.xssBlockUnscannedPOST;
if (onBeforeRequest.hasListener(requestListener)) return;
@@ -144,9 +138,7 @@ var XSS = (() => {
onBeforeRequest.addListener(requestListener, {
urls: ["*://*/*"],
types: ["main_frame", "sub_frame", "object"]
- },
- // work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530
- xssScanRequestBody ? ["blocking", "requestBody"] : ["blocking"]);
+ }, ["blocking", "requestBody"]);
},
stop() {
@@ -247,13 +239,8 @@ var XSS = (() => {
ic.reset();
let postInjection = xssReq.isPost &&
- (XSS.xssScanRequestBody ?
request.requestBody && request.requestBody.formData &&
- ic.checkPost(request.requestBody.formData, skipParams)
- : XSS.xssBlockUnscannedPOST &&
- (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches
- ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost"))
- );
+ ic.checkPost(request.requestBody.formData, skipParams);
let protectName = ic.nameAssignment;
let urlInjection = ic.checkUrl(destUrl, skipRx);