summaryrefslogtreecommitdiff
path: root/src/xss
diff options
context:
space:
mode:
Diffstat (limited to 'src/xss')
-rw-r--r--src/xss/XSS.js4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index b7bffce..6e0770b 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -245,7 +245,9 @@ var XSS = (() => {
(XSS.xssScanRequestBody ?
request.requestBody && request.requestBody.formData &&
ic.checkPost(request.requestBody.formData, skipParams)
- : XSS.xssBlockUnscannedPOST && ns.requestCan(request, "script") && _("UnscannedXPost")
+ : XSS.xssBlockUnscannedPOST &&
+ request.documentUrl && // exclude non-document POSTs, such as url bar searches
+ ns.requestCan(request, "script") && _("UnscannedXPost")
);
let protectName = ic.nameAssignment;