Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/InjectionChecker.js2
-rw-r--r--src/xss/XSS.js5
-rw-r--r--src/xss/sanitizeName.js13
3 files changed, 13 insertions, 7 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 8e2598e..93d32d9 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -741,7 +741,7 @@ XSS.InjectionChecker = (async () => {
checkJS: function(s, unescapedUni) {
this.log(s);
- if (/\?name\b[\s\S]*:|[^&?]\bname\b/.test(s)) {
+ if (/[=\(](?:[\s\S]*(?:\?name\b[\s\S]*:|[^&?]\bname\b)|name\b)/.test(s)) {
this.nameAssignment = true;
}
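Review bot: The new pattern in `checkJS` puts an unbounded `[\s\S]*` behind an unanchored `[=\(]`, so on request data containing many `=` or `(` characters the engine rescans the rest of `s` from each of them, and the cost can grow quadratically with input length. Every alternative requires the literal `name`, so a cheap guard such as `if (s.includes("name") && /…/.test(s)) {` skips the scan whenever `name` is absent; it does not remove the worst case when `name` is present but does not match. A comment stating which forms are meant to set `nameAssignment` (the ternary `?name … :`, or `name` after `=` or `(`) would also help, since the expression is hard to audit as written. The body of `checkJS` continues outside the hunk.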
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 94e33fa..89f13f7 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -61,8 +61,9 @@ var XSS = (() => {
let block = !!(reasons.urlInjection || reasons.postInjection)
if (reasons.protectName) {
- RequestUtil.executeOnStart(request, {
- file: "/xss/sanitizeName.js",
+ await include("bg/COntentScriptOnce.js");
+ await ContentScriptOnce.execute(request, {
+ js: [{file: "/xss/sanitizeName.js"}],
});
if (!block) return ALLOW;
}
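Review bot: The path passed to `include()` is spelled `bg/COntentScriptOnce.js`, while the object used on the next line is `ContentScriptOnce`. If the file on disk is `bg/ContentScriptOnce.js`, the include fails wherever paths are case-sensitive and the `window.name` sanitizer is never scheduled; the line should presumably read `await include("bg/ContentScriptOnce.js");`. Because both calls are now awaited, a rejection from either one propagates before `if (!block) return ALLOW;`, so it is worth confirming that the caller, which is outside this hunk, treats that as a failure to protect and does not let the request through unsanitized. The enclosing function must also be `async`, which the hunk does not show.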
diff --git a/src/xss/sanitizeName.js b/src/xss/sanitizeName.js
index 22185f4..4f36cbf 100644
--- a/src/xss/sanitizeName.js
+++ b/src/xss/sanitizeName.js
@@ -1,4 +1,9 @@
-if (/[<"'\`(=:]/.test(window.name)) {
- console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
- window.name = "";
-}
+ns.on("perms", event => {
+ if (ns.allows("script")) {
+ let name = ns.getWindowName();
+ if (/[<"'\`(=:]/.test(name)) {
+ console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
+ window.name = window.name.substring(0, window.name.length - name.length);
+ }
+ }
+});
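Review bot: The truncation on the `window.name = window.name.substring(...)` line assumes that the value returned by `ns.getWindowName()` is an exact suffix of the current `window.name`. Nothing in the hunk checks that, and if the two differ the wrong characters are cut and the suspicious text can remain. Guarding the cut keeps the old fail-safe behaviour of clearing the name: `window.name = window.name.endsWith(name) ? window.name.slice(0, -name.length) : "";`. A short comment explaining which prefix of `window.name` is being preserved, and why sanitizing is skipped when `ns.allows("script")` is false, would make the intent reviewable.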