diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/xss/InjectionChecker.js | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js index 32d5726..a536aaf 100644 --- a/src/xss/InjectionChecker.js +++ b/src/xss/InjectionChecker.js @@ -302,7 +302,7 @@ XSS.InjectionChecker = (async () => { ')[^]*[\\n,;:|]|\\b(?:' + fuzzify('setter|location|innerHTML|outerHTML') + // eval-like assignments ')\\b[^]*=|' + - '.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' + + '\\.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' + IC_EVENT_DOS_PATTERN + "|\\b" + fuzzify("onerror") + "\\b[^]*=" + "|=[s\\\\[ux]?\d{2}" + // escape (unicode/ascii/octal) |