-rw-r--r--src/xss/InjectionChecker.js14
1 files changed, 7 insertions, 7 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index a309891..b066515 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -890,14 +890,14 @@ XSS.InjectionChecker = (async () => {
async checkBase64(url) {
this.base64 = false;
- this.log(url);
-
-
- var parts = url.split("#"); // check hash
- if (parts.length > 1 && await this.checkBase64FragEx(unescape(parts[1])))
- return true;
+ let hashPos = url.indexOf("#");
+ if (hashPos !== -1) {
+ if (await this.checkBase64FragEx(unescape(url.substring(hashPos + 1))))
+ return true;
+ url = url.substring(0, hashPos);
+ }
- parts = parts[0].split(/[&;]/); // check query string
+ let parts = url.substring(0, hashPos).split(/[&;]/); // check query string
for (let p of parts) {
var pos = p.indexOf("=");
if (pos > -1) p = p.substring(pos + 1);
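Review bot: On the added line `let parts = url.substring(0, hashPos).split(/[&;]/);`, `hashPos` is -1 whenever the URL has no `#`, and `substring(0, -1)` clamps to an empty string, so the query-string loop below receives a single empty part and the base64 check is skipped for every fragment-less URL. Inside the `if (hashPos !== -1)` branch `url` has already been cut at the hash, so the second `substring` is redundant there as well; `let parts = url.split(/[&;]/); // check query string` handles both cases. A regression test that passes a URL with a base64-encoded query parameter and no fragment would pin this down. The body of `checkBase64` continues past the end of the hunk, so the remaining loop logic is not visible here.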