diff options
| author | hackademix | 2019-05-28 00:48:27 +0200 |
|---|---|---|
| committer | hackademix | 2019-05-28 01:35:44 +0200 |
| commit | 4d4fa3c6ed55469753a61d35e2112750984c2044 (patch) | |
| tree | 7337597720b991079b51c774d0a1b7fdb4adf094 /src/xss | |
| parent | 37d148e3af8f33f9a8b89ebc392b869c30dafb54 (diff) | |
| download | noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.gz noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.xz noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.zip | |
Make XSS timeouts fatal and reported.
Diffstat (limited to 'src/xss')
| -rw-r--r-- | src/xss/XSS.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js index 51216d8..5b93921 100644 --- a/src/xss/XSS.js +++ b/src/xss/XSS.js @@ -58,7 +58,7 @@ var XSS = (() => { data = []; } catch (e) { error(e, "XSS filter processing %o", xssReq); - if (e instanceof TimingException) { + if (e instanceof TimingException && !/\btimeout\b/i.test(e.message)) { // we don't want prompts if the request expired / errored first return; } @@ -256,6 +256,7 @@ var XSS = (() => { let ic = new (await this.InjectionChecker)(); let {timing} = ic; timingsMap.set(request.id, timing); + timing.fatalTimeout = true; let postInjection = xssReq.isPost && request.requestBody && request.requestBody.formData && |