authorhackademix2019-06-24 22:43:14 +0200
committerhackademix2019-06-24 22:43:14 +0200
commit67974374049980100e72409da21281924989e660 (patch)
tree119d82c25164fbe6a86ed4b9e3562191a0cf049b /src/xss
parent875c5c95d1595ba3943b8be9cdc2457264111157 (diff)
[XSS] Fixed false positives with parameters named "src".
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/InjectionChecker.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 32d5726..a536aaf 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -302,7 +302,7 @@ XSS.InjectionChecker = (async () => {
')[^]*[\\n,;:|]|\\b(?:' +
fuzzify('setter|location|innerHTML|outerHTML') + // eval-like assignments
')\\b[^]*=|' +
- '.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' +
+ '\\.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' +
IC_EVENT_DOS_PATTERN +
"|\\b" + fuzzify("onerror") + "\\b[^]*=" +
"|=[s\\\\[ux]?\d{2}" + // escape (unicode/ascii/octal)
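Review bot: The last context line of this hunk, `"|=[s\\\\[ux]?\d{2}"`, has the same kind of escaping slip that this commit fixes for the dot. In a plain double-quoted string `\d` is not a recognised escape and collapses to `d`, so the compiled pattern appears to require the literal letters `dd` rather than two digits. If digits are intended, as the "escape (unicode/ascii/octal)" comment suggests, it should read `\\d{2}`; the leading `[s` may likewise have been meant as `[\\s`, which is worth confirming with the author. The expression is built from concatenated strings and continues outside the hunk, so a regression test would help here: one that pins a URL with a parameter named `src` as clean and a `.src=` assignment as flagged.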