From c1b3922de121ca3ad47c503d76183b76f6ef9404 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Mon, 21 Oct 2019 23:17:18 +0200
Subject: Fixed false positive (property assignment).
---
 src/xss/InjectionChecker.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 3d4303b..a903063 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -293,7 +293,8 @@ XSS.InjectionChecker = (async () => {
 ),
 
 _maybeJSRx: new RegExp(
- '(?:(?:\\[[^]+\\]|\\.\\D)(?:[^]*\\([^]*\\)|[^*]`[^]+`|[^=]*=[^=][^]*\\S)' +
+ '(?:(?:\\[[^]+\\]|\\.\\D)[^;&/\'"]*(?:/[^]*|)' +
+ '(?:\\([^]*\\)|[^]*`[^]+`|=[^=][^]*\\S)' +
 // double function call
 '|\\([^]*\\([^]*\\)' +
 ')|(?:^|\\W)(?:' + IC_EVAL_PATTERN +
-- 
cgit v1.2.3
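Review bot: The character class `[^;&/\'"]*` added in the first new string narrows only the call and assignment alternatives: the template-literal alternative in the second string starts with `[^]*`, and `(?:/[^]*|)` accepts anything after a slash, so both re-admit the characters the class excludes. If that asymmetry is intended, say so in a comment above the two strings, for example `// after a property access, no ; & / ' " before the call or assignment; a slash or a template literal lifts that limit`. Since `_maybeJSRx` appears to act as a first-pass filter in the XSS checker, a narrowing like this should land with regression samples for both the reported false positive and inputs that must still match; none are visible in this patch. The adjacent unbounded `[^]*` runs also add backtracking work on long inputs that never reach a closing parenthesis or backtick, which is worth timing if the checked strings come from request data. The `new RegExp(` call continues past the end of the hunk, so the full pattern cannot be judged from here.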