3 files changed, 13 insertions, 7 deletions

diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 8e2598e..93d32d9 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -741,7 +741,7 @@ XSS.InjectionChecker = (async () => {
     checkJS: function(s, unescapedUni) {
       this.log(s);
 
-      if (/\?name\b[\s\S]*:|[^&?]\bname\b/.test(s)) {
+      if (/[=\(](?:[\s\S]*(?:\?name\b[\s\S]*:|[^&?]\bname\b)|name\b)/.test(s)) {
         this.nameAssignment = true;
       }
 
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 94e33fa..89f13f7 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -61,8 +61,9 @@ var XSS = (() => {
       let block = !!(reasons.urlInjection || reasons.postInjection)
 
       if (reasons.protectName) {
-        RequestUtil.executeOnStart(request, {
-          file: "/xss/sanitizeName.js",
+        await include("bg/COntentScriptOnce.js");
+        await ContentScriptOnce.execute(request, {
+          js: [{file: "/xss/sanitizeName.js"}],
         });
         if (!block) return ALLOW;
       }
diff --git a/src/xss/sanitizeName.js b/src/xss/sanitizeName.js
index 22185f4..4f36cbf 100644
--- a/src/xss/sanitizeName.js
+++ b/src/xss/sanitizeName.js
@@ -1,4 +1,9 @@
-if (/[<"'\`(=:]/.test(window.name)) {
-  console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
-  window.name = "";
-}
+ns.on("perms", event => {
+  if (ns.allows("script")) {
+    let name = ns.getWindowName();
+    if (/[<"'\`(=:]/.test(name)) {
+      console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
+      window.name = window.name.substring(0, window.name.length - name.length);
+    }
+  }
+});