summaryrefslogtreecommitdiff
path: root/src/xss
diff options
context:
space:
mode:
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/XSS.js17
1 files changed, 2 insertions, 15 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 9c2fca3..93230cd 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -116,12 +116,6 @@ var XSS = (() => {
if (!UA.isMozilla) return; // async webRequest is supported on Mozilla only
let {onBeforeRequest} = browser.webRequest;
- let {xssScanRequestBody} = ns.sync;
- if (xssScanRequestBody !== this.xssScanRequestBody) {
- this.stop();
- this.xssScanRequestBody = xssScanRequestBody;
- }
- this.xssBlockUnscannedPOST = ns.sync.xssBlockUnscannedPOST;
if (onBeforeRequest.hasListener(requestListener)) return;
@@ -144,9 +138,7 @@ var XSS = (() => {
onBeforeRequest.addListener(requestListener, {
urls: ["*://*/*"],
types: ["main_frame", "sub_frame", "object"]
- },
- // work-around for https://bugzilla.mozilla.org/show_bug.cgi?id=1532530
- xssScanRequestBody ? ["blocking", "requestBody"] : ["blocking"]);
+ }, ["blocking", "requestBody"]);
},
stop() {
@@ -247,13 +239,8 @@ var XSS = (() => {
ic.reset();
let postInjection = xssReq.isPost &&
- (XSS.xssScanRequestBody ?
request.requestBody && request.requestBody.formData &&
- ic.checkPost(request.requestBody.formData, skipParams)
- : XSS.xssBlockUnscannedPOST &&
- (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches
- ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost"))
- );
+ ic.checkPost(request.requestBody.formData, skipParams);
let protectName = ic.nameAssignment;
let urlInjection = ic.checkUrl(destUrl, skipRx);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-22 06:28:46 +0000