authorhackademix2019-10-21 23:17:18 +0200
committerhackademix2019-10-25 23:19:48 +0100
commitc1b3922de121ca3ad47c503d76183b76f6ef9404 (patch)
tree50f0e861b5b06aebd2d1639f2fee00c26c2c05db /src/xss
parent440232d45c0bd8ed5d3017cbb9ac1ff0c4a533fc (diff)
downloadnoscript-c1b3922de121ca3ad47c503d76183b76f6ef9404.tar.gz
noscript-c1b3922de121ca3ad47c503d76183b76f6ef9404.tar.xz
noscript-c1b3922de121ca3ad47c503d76183b76f6ef9404.zip
Fixed false positive (property assignment).
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/InjectionChecker.js3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 3d4303b..a903063 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -293,7 +293,8 @@ XSS.InjectionChecker = (async () => {
),
_maybeJSRx: new RegExp(
- '(?:(?:\\[[^]+\\]|\\.\\D)(?:[^]*\\([^]*\\)|[^*]`[^]+`|[^=]*=[^=][^]*\\S)' +
+ '(?:(?:\\[[^]+\\]|\\.\\D)[^;&/\'"]*(?:/[^]*|)' +
+ '(?:\\([^]*\\)|[^]*`[^]+`|=[^=][^]*\\S)' +
// double function call
'|\\([^]*\\([^]*\\)' +
')|(?:^|\\W)(?:' + IC_EVAL_PATTERN +