Diffstat (limited to 'src/xss/InjectionChecker.js')
-rw-r--r-- | src/xss/InjectionChecker.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 157147e..a309891 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -1,6 +1,6 @@
-debug("Initializing InjectionChecker");
 XSS.InjectionChecker = (async () => {
 await include([
+ "/common/SyntaxChecker.js",
 "/lib/Base64.js",
 "/lib/Timing.js",
 "/xss/FlashIdiocy.js",
@@ -1031,7 +1031,7 @@ XSS.InjectionChecker = (async () => {
 return true;
 if (s.indexOf("&") !== -1) {
- let unent = Entities.convertAll(s);
+ let unent = await Entities.convertAll(s);
 if (unent !== s && await this._checkRecursive(unent, depth)) return true;
 }
@@ -1050,7 +1050,7 @@ XSS.InjectionChecker = (async () => {
 return true;
 if (/[\u0000-\u001f]|&#/.test(unescaped)) {
- let unent = Entities.convertAll(unescaped.replace(/[\u0000-\u001f]+/g, ''));
+ let unent = await Entities.convertAll(unescaped.replace(/[\u0000-\u001f]+/g, ''));
 if (unescaped != unent && await this._checkRecursive(unent, depth)) {
 this.log("Trash-stripped nested URL match!");
 return true; |
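Review bot: A rejection from the newly awaited `Entities.convertAll(...)` propagates out of the recursive check with no handling visible, both in the `s.indexOf("&")` branch of this hunk and in the `/[\u0000-\u001f]|&#/` branch of the next one. For an XSS filter it matters whether the caller treats that exception as "suspicious" or as "clean"; if the latter, a decoding failure would silently skip the entity-decoded pass, so I would confirm the caller fails closed. The reason for the `await` is also worth recording next to the first call, e.g. `// convertAll presumably returns a Promise now: without await, unent never equals s and the recursion never sees the decoded string`. The enclosing function starts and ends outside both hunks.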
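Review bot: The comparison `unescaped != unent` in the control-character branch is loose, while the sibling branch in the previous hunk uses the strict `unent !== s`. With the awaited value both operands are presumably strings, so the result is the same today. Writing it as `if (unescaped !== unent && await this._checkRecursive(unent, depth)) {` keeps the two branches consistent and rules out coercion if `convertAll` ever resolves to a non-string. The `if` block continues past the end of the hunk.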