From 169d5f085a7083b62dccb2eff0dec04f300cddae Mon Sep 17 00:00:00 2001
From: hackademix
Date: Wed, 20 Mar 2019 23:34:32 +0100
Subject: Improved unscanned POST blocking.
---
 src/xss/XSS.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 6e0770b..3d9068f 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -246,8 +246,8 @@ var XSS = (() => {
 request.requestBody && request.requestBody.formData && ic.checkPost(request.requestBody.formData, skipParams) : XSS.xssBlockUnscannedPOST &&
- request.documentUrl && // exclude non-document POSTs, such as url bar searches
- ns.requestCan(request, "script") && _("UnscannedXPost")
+ (request.originUrl || request.documentUrl) && // exclude non-document POSTs, such as url bar searches
+ ns.requestCan(request, "script") && ("\n" + _("UnscannedXPost"))
 );
 let protectName = ic.nameAssignment;
--
cgit v1.2.3
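Review bot: The trailing comment on the `(request.originUrl || request.documentUrl)` line no longer matches the condition, which now also blocks unscanned POSTs that carry only an `originUrl`; something like `// skip POSTs with no originating page (e.g. URL bar searches); any other unscanned POST is blocked` would describe it. On the following line, `("\n" + _("UnscannedXPost"))` is truthy whenever the earlier conditions pass, even if `_()` returns an empty string for a missing locale entry. That looks like deliberate fail-closed behaviour, but it deserves a one-line comment, because the same expression serves as both the block decision and the message text. The check still fails open when neither URL is set, and whether page content can produce such a request is not visible from this hunk. The enclosing expression starts before the hunk and continues past it.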