From d299436a08a90d29cbff252e13fd387044003a9e Mon Sep 17 00:00:00 2001
From: hackademix
Date: Sun, 24 Mar 2019 23:35:05 +0100
Subject: Better detection of privileged URLs in the XSS filter.

---
 src/xss/XSS.js | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/xss/XSS.js')

diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 3d9068f..18630fa 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -179,6 +179,9 @@ var XSS = (() => {
 
       let unescapedDest = unescape(destUrl);
       let srcOrigin = srcObj ? srcObj.origin : "";
+      if (srcOrigin === "null") {
+        srcOrigin = srcObj.href.replace(/[\?#].*/, '');
+      }
       let destOrigin = destObj.origin;
 
       let isGet = method === "GET";
-- 
cgit v1.2.3