diff options
-rw-r--r-- | src/xss/InjectionChecker.js | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js index a309891..b066515 100644 --- a/src/xss/InjectionChecker.js +++ b/src/xss/InjectionChecker.js @@ -890,14 +890,14 @@ XSS.InjectionChecker = (async () => { async checkBase64(url) { this.base64 = false; - this.log(url); - - - var parts = url.split("#"); // check hash - if (parts.length > 1 && await this.checkBase64FragEx(unescape(parts[1]))) - return true; + let hashPos = url.indexOf("#"); + if (hashPos !== -1) { + if (await this.checkBase64FragEx(unescape(url.substring(hashPos + 1)))) + return true; + url = url.substring(0, hashPos); + } - parts = parts[0].split(/[&;]/); // check query string + let parts = url.substring(0, hashPos).split(/[&;]/); // check query string for (let p of parts) { var pos = p.indexOf("="); if (pos > -1) p = p.substring(pos + 1); |