authorhackademix2020-04-19 23:43:28 +0200
committerhackademix2020-04-19 23:43:28 +0200
commit1e01979e41901e19aaf25c88f1a15dcaf51d2c69 (patch)
tree6e8225641d188f5821d077491e89e8b18ac9f853 /src/xss
parent97c7cc74f357d7e03051087e2bef6c6252a2163f (diff)
[XSS] Fixed false positives and timeouts (thanks riaggren for report).
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/InjectionCheckWorker.js2
-rw-r--r--src/xss/InjectionChecker.js8
2 files changed, 5 insertions, 5 deletions
diff --git a/src/xss/InjectionCheckWorker.js b/src/xss/InjectionCheckWorker.js
index 47f007d..50ab138 100644
--- a/src/xss/InjectionCheckWorker.js
+++ b/src/xss/InjectionCheckWorker.js
@@ -74,7 +74,7 @@ Entities = {
if (msg.handler in Handlers) try {
await Handlers[msg.handler](msg);
} catch (e) {
- postMessage({error: e});
+ postMessage({error: e.message});
}
}
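Review bot: `e.message` is undefined when the caught value is not an Error (a thrown string, or a rejection with a plain value), so the catch block would post `{error: undefined}`, and the receiving side, which is not visible here, may not recognise that as a failure. In an XSS filter this is worth closing off, since a lost worker error could be read as a clean result. `postMessage({error: (e && e.message) || String(e)});` keeps a non-empty string in every case. The enclosing message handler starts outside the hunk.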
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 2ea7a25..9b306eb 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -327,7 +327,7 @@ XSS.InjectionChecker = (async () => {
_assignmentRx: /^(?:[^()="'\s]+=(?:[^(='"\[+]+|[?a-zA-Z_0-9;,&=/]+|[\d.|]+))$/,
_badRightHandRx: /=[\s\S]*(?:_QS_\b|[|.][\s\S]*source\b|<[\s\S]*\/[^>]*>)/,
_wikiParensRx: /^(?:[\w.|-]+\/)*\(*[\w\s-]+\([\w\s-]+\)[\w\s-]*\)*$/,
- _neutralDotsRx: /(?:^|[\/;&#])[\w-]+\.[\w-]+[\?;\&#]/g,
+ _neutralDotsOrParensRx: /(?:^|[\/;&#])(?:[\w-]+\.[\w-]+[\?;\&#]|[\s\d]*\()/g,
_openIdRx: /^scope=(?:\w+\+)\w/, // OpenID authentication scope parameter, see http://forums.informaction.com/viewtopic.php?p=69851#p69851
_gmxRx: /\$\(clientName\)-\$\(dataCenter\)\.(\w+\.)+\w+/, // GMX webmail, see http://forums.informaction.com/viewtopic.php?p=69700#p69700
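Review bot: The new `[\s\d]*\(` alternative in `_neutralDotsOrParensRx` has no comment saying which input it was added for, unlike the neighbouring `_openIdRx` and `_gmxRx` entries, which cite their reports. The match is removed from `expr` before `_maybeJSRx` runs (hunk at -354), so it widens what the checker treats as neutral. A short comment such as `// "(" right after a URL delimiter is treated as neutral, see <report link>` would record the intent, and a regression sample should cover both the reported false positive and an input that must still be detected. The enclosing object literal starts and ends outside the hunk.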
@@ -354,7 +354,7 @@ XSS.InjectionChecker = (async () => {
return this._singleAssignmentRx.test(expr) || this._riskyAssignmentRx.test(expr) && this._nameRx.test(expr);
return this._riskyParensRx.test(expr) ||
- this._maybeJSRx.test(expr.replace(this._neutralDotsRx, '')) &&
+ this._maybeJSRx.test(expr.replace(this._neutralDotsOrParensRx, '')) &&
!this._wikiParensRx.test(expr);
},
@@ -457,7 +457,7 @@ XSS.InjectionChecker = (async () => {
checkLastFunction: function() {
var fn = this.syntax.lastFunction;
if (!fn) return false;
- var m = fn.toSource().match(/\{([\s\S]*)\}/);
+ var m = fn.toString().match(/\{([\s\S]*)\}/);
if (!m) return false;
var expr = this.stripLiteralsAndComments(m[1]);
return /=[\s\S]*cookie|\b(?:setter|document|location|(?:inn|out)erHTML|\.\W*src)[\s\S]*=|[\w$\u0080-\uffff\)\]]\s*[\[\(]/.test(expr) ||
@@ -778,7 +778,7 @@ XSS.InjectionChecker = (async () => {
if (ret) {
let msg = "JavaScript Injection in " + s;
if (this.syntax.lastFunction) {
- msg += "\n" + this.syntax.lastFunction.toSource();
+ msg += `\n${this.syntax.lastFunction}`;
}
this.escalate(msg);
}
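Review bot: `msg` concatenates the checked string `s` and, through the template literal, the full source of `this.syntax.lastFunction`. Both presumably derive from the request under inspection, so `escalate` should handle the message as untrusted text; its body is not in this hunk, so confirm it never reaches an HTML sink and consider capping the length. The implicit coercion in `${this.syntax.lastFunction}` also differs from the explicit `fn.toString()` now used in `checkLastFunction`; `msg += "\n" + this.syntax.lastFunction.toString();` would keep the two call sites consistent. The enclosing function starts and ends outside the hunk.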