Diffstat (limited to 'src/xss/sanitizeName.js')
-rw-r--r-- | src/xss/sanitizeName.js | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/src/xss/sanitizeName.js b/src/xss/sanitizeName.js
index 22185f4..4f36cbf 100644
--- a/src/xss/sanitizeName.js
+++ b/src/xss/sanitizeName.js
@@ -1,4 +1,9 @@
-if (/[<"'\`(=:]/.test(window.name)) {
- console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
- window.name = "";
-}
+ns.on("perms", event => {
+ if (ns.allows("script")) {
+ let name = ns.getWindowName();
+ if (/[<"'\`(=:]/.test(name)) {
+ console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
+ window.name = window.name.substring(0, window.name.length - name.length);
+ }
+ }
+});
 |
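Review bot: The new assignment `window.name = window.name.substring(0, window.name.length - name.length);` assumes the string returned by `ns.getWindowName()` is still the exact trailing part of `window.name` when the `perms` handler runs, and nothing in the hunk checks that. If the two have diverged, the arithmetic cuts at the wrong offset and part of the suspicious payload can remain in `window.name`, whereas the removed code cleared the value unconditionally. A guarded form such as `window.name = window.name.endsWith(name) ? window.name.substring(0, window.name.length - name.length) : "";` keeps the sanitizer failing closed; whether clearing the prefix is acceptable depends on what it holds, which is not visible here because `ns.getWindowName()` is defined outside this file. A short comment above the assignment stating what the preserved prefix contains and why it must survive sanitization would also help, and `name` can be declared with `const`.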