summaryrefslogtreecommitdiff
path: root/src/xss
diff options
context:
space:
mode:
authorhackademix2019-08-02 18:04:51 +0200
committerhackademix2019-08-02 18:04:51 +0200
commite45dfdcf2f662b6c0d26c00e3bfe56abd3797e5a (patch)
tree441e55307f9df9b44a492a6a1ab0c3d18c600a02 /src/xss
parent845b0ee7dd1e90beea9af3d5660613fa19726c43 (diff)
downloadnoscript-e45dfdcf2f662b6c0d26c00e3bfe56abd3797e5a.tar.gz
noscript-e45dfdcf2f662b6c0d26c00e3bfe56abd3797e5a.tar.xz
noscript-e45dfdcf2f662b6c0d26c00e3bfe56abd3797e5a.zip
[XSS] Fix false positives due to overzealous HTML attribute checking.
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/InjectionChecker.js4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 4f8a910..6ab6c65 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -847,11 +847,11 @@ XSS.InjectionChecker = (async () => {
GlobalsChecker: /https?:\/\/[\S\s]+["'\s\0](?:id|class|data-\w+)[\s\0]*=[\s\0]*("')?\w{3,}(?:[\s\0]|\1|$)|(?:id|class|data-\w+)[\s\0]*=[\s\0]*("')?\w{3,}(?:[\s\0]|\1)[\s\S]*["'\s\0]href[\s\0]*=[\s\0]*(?:"')?https?:\/\//i,
HTMLChecker: new RegExp("<[^\\w<>]*(?:[^<>\"'\\s]*:)?[^\\w<>]*(?:" + // take in account quirks and namespaces
fuzzify("script|form|style|svg|marquee|(?:link|object|embed|applet|param|i?frame|base|body|meta|ima?ge?|video|audio|bindings|set|isindex|animate|template") +
- ")[^>\\w])|['\"\\s\\0/](?:formaction|style|background|src|lowsrc|ping|innerhtml|data-bind|(?:data-)?mv-(?:\\w+[\\w-]*)|" + IC_EVENT_PATTERN +
+ ")[^>\\w])|['\"\\s\\0/](?:style|innerhtml|data-bind|(?:data-)?mv-(?:\\w+[\\w-]*)|" + IC_EVENT_PATTERN +
")[\\s\\0]*=|<%[^]+[=(][^]+%>", "i"),
async checkHTML(s) {
- let links = s.match(/\b(?:href|src|base|(?:form)?action|\w+-\w+)\s*=\s*(?:(["'])[\s\S]*?\1|(?:[^'">][^>\s]*)?[:?\/#][^>\s]*)/ig);
+ let links = s.match(/\b(?:href|(?:low)?src|base|(?:form)?action|background|ping|\w+-\w+)\s*=\s*(?:(["'])[\s\S]*?\1|(?:[^'">][^>\s]*)?[:?\/#][^>\s]*)/ig);
if (links) {
for (let l of links) {
l = l.replace(/[^=]*=\s*/i, '').replace(/[\u0000-\u001f]/g, '');