diff options
| author | hackademix | 2019-10-21 23:17:18 +0200 |
|---|---|---|
| committer | hackademix | 2019-10-25 23:19:48 +0100 |
| commit | c1b3922de121ca3ad47c503d76183b76f6ef9404 (patch) | |
| tree | 50f0e861b5b06aebd2d1639f2fee00c26c2c05db /src/xss | |
| parent | 440232d45c0bd8ed5d3017cbb9ac1ff0c4a533fc (diff) | |
| download | noscript-c1b3922de121ca3ad47c503d76183b76f6ef9404.tar.gz noscript-c1b3922de121ca3ad47c503d76183b76f6ef9404.tar.xz noscript-c1b3922de121ca3ad47c503d76183b76f6ef9404.zip | |
Fixed false positive (property assignment).
Diffstat (limited to 'src/xss')
| -rw-r--r-- | src/xss/InjectionChecker.js | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js index 3d4303b..a903063 100644 --- a/src/xss/InjectionChecker.js +++ b/src/xss/InjectionChecker.js @@ -293,7 +293,8 @@ XSS.InjectionChecker = (async () => { ), _maybeJSRx: new RegExp( - '(?:(?:\\[[^]+\\]|\\.\\D)(?:[^]*\\([^]*\\)|[^*]`[^]+`|[^=]*=[^=][^]*\\S)' + + '(?:(?:\\[[^]+\\]|\\.\\D)[^;&/\'"]*(?:/[^]*|)' + + '(?:\\([^]*\\)|[^]*`[^]+`|=[^=][^]*\\S)' + // double function call '|\\([^]*\\([^]*\\)' + ')|(?:^|\\W)(?:' + IC_EVAL_PATTERN + |