diff options
author | hackademix | 2019-03-20 23:34:32 +0100 |
---|---|---|
committer | hackademix | 2019-03-20 23:34:32 +0100 |
commit | 169d5f085a7083b62dccb2eff0dec04f300cddae (patch) | |
tree | db9009371e1214134aad113168b98affb857e419 /src | |
parent | cab9d0ea7410b5ba92c50a90db5741bab4133b6d (diff) | |
download | noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.gz noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.tar.xz noscript-169d5f085a7083b62dccb2eff0dec04f300cddae.zip |
Improved unscanned POST blocking.
Diffstat (limited to 'src')
-rw-r--r-- | src/xss/XSS.js | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js index 6e0770b..3d9068f 100644 --- a/src/xss/XSS.js +++ b/src/xss/XSS.js @@ -246,8 +246,8 @@ var XSS = (() => { request.requestBody && request.requestBody.formData && ic.checkPost(request.requestBody.formData, skipParams) : XSS.xssBlockUnscannedPOST && - request.documentUrl && // exclude non-document POSTs, such as url bar searches - ns.requestCan(request, "script") && _("UnscannedXPost") + (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches + ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost")) ); let protectName = ic.nameAssignment; |