summaryrefslogtreecommitdiff
path: root/src/xss
diff options
context:
space:
mode:
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/InjectionChecker.js3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index d750232..ae5fea0 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -172,7 +172,8 @@ XSS.InjectionChecker = (async () => {
const toStringRx = /^function\s*toString\(\)\s*{\s*\[native code\]\s*\}$/;
// optimistic case first, one big JSON block
- let m = s.match(/{[^]+}|\[\s*{[^]+}\s*\]/);
+ s = s.replace(/[^{"]+=/, "")
+ let m = s.match(/{[^]+}|\[[^]*{[^]*}[^]*\]/);
if (!m) return s;
// semicolon-separated JSON chunks, like on syndication.twitter.com
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-21 16:52:19 +0000