Diffstat (limited to 'src/xss')
-rw-r--r-- | src/xss/InjectionChecker.js | 2 | ||||
-rw-r--r-- | src/xss/XSS.js | 5 | ||||
-rw-r--r-- | src/xss/sanitizeName.js | 13 |
3 files changed, 13 insertions, 7 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 8e2598e..93d32d9 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -741,7 +741,7 @@ XSS.InjectionChecker = (async () => {
 checkJS: function(s, unescapedUni) {
 this.log(s);
- if (/\?name\b[\s\S]*:|[^&?]\bname\b/.test(s)) {
+ if (/[=\(](?:[\s\S]*(?:\?name\b[\s\S]*:|[^&?]\bname\b)|name\b)/.test(s)) {
 this.nameAssignment = true;
 }
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 94e33fa..89f13f7 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -61,8 +61,9 @@ var XSS = (() => {
 let block = !!(reasons.urlInjection || reasons.postInjection)
 if (reasons.protectName) {
- RequestUtil.executeOnStart(request, {
- file: "/xss/sanitizeName.js",
+ await include("bg/COntentScriptOnce.js");
+ await ContentScriptOnce.execute(request, {
+ js: [{file: "/xss/sanitizeName.js"}],
 });
 if (!block) return ALLOW;
 }
diff --git a/src/xss/sanitizeName.js b/src/xss/sanitizeName.js
index 22185f4..4f36cbf 100644
--- a/src/xss/sanitizeName.js
+++ b/src/xss/sanitizeName.js
@@ -1,4 +1,9 @@
-if (/[<"'\`(=:]/.test(window.name)) {
- console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
- window.name = "";
-}
+ns.on("perms", event => {
+ if (ns.allows("script")) {
+ let name = ns.getWindowName();
+ if (/[<"'\`(=:]/.test(name)) {
+ console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
+ window.name = window.name.substring(0, window.name.length - name.length);
+ }
+ }
+}); |
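Review bot: The new pattern in `checkJS` puts a greedy `[\s\S]*` behind a `[=\(]` that can match at every `=` or `(` in `s`, with a second `[\s\S]*` nested inside it, so on a long input that never matches the engine rescans the tail from each of those positions. `s` is presumably derived from request data, which would put that cost under the requester's control; how long `s` can get is not visible in this hunk. Anchoring on the first `=`/`(` appears to accept the same inputs without the outer rescans: `const i = s.search(/[=(]/);` followed by `if (i !== -1 && /\?name\b[\s\S]*:|[^&?]\bname\b/.test(s.slice(i))) {`. Because the change narrows what sets `nameAssignment`, a one-line comment saying why a preceding `=` or `(` is required would help the next reader. `checkJS` continues outside the hunk.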
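Review bot: The path in `await include("bg/COntentScriptOnce.js");` is capitalised differently from the `ContentScriptOnce` object used on the following line, which looks like a typo and would fail to resolve wherever paths are case-sensitive. If the include rejects, the `await` throws before `ContentScriptOnce.execute` runs, so `sanitizeName.js` is never injected for a request flagged `protectName`; whether that request is then blocked or let through is decided outside the hunk. Suggest `await include("bg/ContentScriptOnce.js");` if that is the file's actual name, plus a comment stating the intended outcome when injection fails. The enclosing function starts and ends outside the hunk, so it is also not visible here whether it is declared `async`.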
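Review bot: `window.name = window.name.substring(0, window.name.length - name.length);` assumes the value returned by `ns.getWindowName()` is still the exact tail of `window.name` when the `perms` event fires. If the two have diverged by then, the cut lands at the wrong offset and either leaves part of the suspicious value in place or removes unrelated leading data. A guard keeps the truncation exact: `const full = window.name;` then `if (full.endsWith(name)) window.name = full.slice(0, full.length - name.length);`, with an explicit decision for the mismatch case. A short comment saying what the preserved prefix holds would also make the intent of this line clear.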