Improved unscanned POST blocking.

author: hackademix 2019-03-20 23:34:32 +0100
committer: hackademix 2019-03-20 23:34:32 +0100
commit: 169d5f085a7083b62dccb2eff0dec04f300cddae (patch)
tree: db9009371e1214134aad113168b98affb857e419 /src/xss
parent: cab9d0ea7410b5ba92c50a90db5741bab4133b6d (diff)
download: noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.gz
noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.xz
noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 6e0770b..3d9068f 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -246,8 +246,8 @@ var XSS = (() => {
           request.requestBody && request.requestBody.formData &&
             ic.checkPost(request.requestBody.formData, skipParams)
         : XSS.xssBlockUnscannedPOST &&
-          request.documentUrl && // exclude non-document POSTs, such as url bar searches
-          ns.requestCan(request, "script") && _("UnscannedXPost")
+          (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches
+          ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost"))
       );
 
       let protectName = ic.nameAssignment;
author	hackademix	2019-03-20 23:34:32 +0100
committer	hackademix	2019-03-20 23:34:32 +0100
commit	169d5f085a7083b62dccb2eff0dec04f300cddae (patch)
tree	db9009371e1214134aad113168b98affb857e419 /src/xss
parent	cab9d0ea7410b5ba92c50a90db5741bab4133b6d (diff)
download	noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.gz noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.xz noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.zip