diff options
| author | hackademix | 2019-06-24 22:43:14 +0200 |
|---|---|---|
| committer | hackademix | 2019-06-24 22:43:14 +0200 |
| commit | 67974374049980100e72409da21281924989e660 (patch) | |
| tree | 119d82c25164fbe6a86ed4b9e3562191a0cf049b /src/xss | |
| parent | 875c5c95d1595ba3943b8be9cdc2457264111157 (diff) | |
| download | noscript-67974374049980100e72409da21281924989e660.tar.gz noscript-67974374049980100e72409da21281924989e660.tar.xz noscript-67974374049980100e72409da21281924989e660.zip | |
[XSS] Fixed false positives with parameters named "src".
Diffstat (limited to 'src/xss')
| -rw-r--r-- | src/xss/InjectionChecker.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js index 32d5726..a536aaf 100644 --- a/src/xss/InjectionChecker.js +++ b/src/xss/InjectionChecker.js @@ -302,7 +302,7 @@ XSS.InjectionChecker = (async () => { ')[^]*[\\n,;:|]|\\b(?:' + fuzzify('setter|location|innerHTML|outerHTML') + // eval-like assignments ')\\b[^]*=|' + - '.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' + + '\\.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' + IC_EVENT_DOS_PATTERN + "|\\b" + fuzzify("onerror") + "\\b[^]*=" + "|=[s\\\\[ux]?\d{2}" + // escape (unicode/ascii/octal) |