Make XSS timeouts fatal and reported.

author: hackademix 2019-05-28 00:48:27 +0200
committer: hackademix 2019-05-28 01:35:44 +0200
commit: 4d4fa3c6ed55469753a61d35e2112750984c2044 (patch)
tree: 7337597720b991079b51c774d0a1b7fdb4adf094 /src
parent: 37d148e3af8f33f9a8b89ebc392b869c30dafb54 (diff)
download: noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.gz
noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.xz
noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 51216d8..5b93921 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -58,7 +58,7 @@ var XSS = (() => {
       data = [];
     } catch (e) {
       error(e, "XSS filter processing %o", xssReq);
-      if (e instanceof TimingException) {
+      if (e instanceof TimingException && !/\btimeout\b/i.test(e.message)) {
         // we don't want prompts if the request expired / errored first
         return;
       }
@@ -256,6 +256,7 @@ var XSS = (() => {
       let ic = new (await this.InjectionChecker)();
       let {timing} = ic;
       timingsMap.set(request.id, timing);
+      timing.fatalTimeout = true;
 
       let postInjection = xssReq.isPost &&
           request.requestBody && request.requestBody.formData &&
author	hackademix	2019-05-28 00:48:27 +0200
committer	hackademix	2019-05-28 01:35:44 +0200
commit	4d4fa3c6ed55469753a61d35e2112750984c2044 (patch)
tree	7337597720b991079b51c774d0a1b7fdb4adf094 /src
parent	37d148e3af8f33f9a8b89ebc392b869c30dafb54 (diff)
download	noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.gz noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.tar.xz noscript-4d4fa3c6ed55469753a61d35e2112750984c2044.zip