summaryrefslogtreecommitdiff
path: root/src/xss
diff options
context:
space:
mode:
authorhackademix2019-03-20 23:34:32 +0100
committerhackademix2019-03-20 23:34:32 +0100
commit169d5f085a7083b62dccb2eff0dec04f300cddae (patch)
treedb9009371e1214134aad113168b98affb857e419 /src/xss
parentcab9d0ea7410b5ba92c50a90db5741bab4133b6d (diff)
downloadnoscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.gz
noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.xz
noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.zip
Improved unscanned POST blocking.
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/XSS.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 6e0770b..3d9068f 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -246,8 +246,8 @@ var XSS = (() => {
request.requestBody && request.requestBody.formData &&
ic.checkPost(request.requestBody.formData, skipParams)
: XSS.xssBlockUnscannedPOST &&
- request.documentUrl && // exclude non-document POSTs, such as url bar searches
- ns.requestCan(request, "script") && _("UnscannedXPost")
+ (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches
+ ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost"))
);
let protectName = ic.nameAssignment;