From 2f9c5299afe0d612deff7f89c948bb44332f2abf Mon Sep 17 00:00:00 2001
From: hackademix
Date: Sat, 18 Aug 2018 03:16:54 +0200
Subject: Removed all references to RequestUtil.js and dependancies.
---
src/xss/InjectionChecker.js | 2 +-
src/xss/XSS.js | 5 +++--
src/xss/sanitizeName.js | 13 +++++++++----
3 files changed, 13 insertions(+), 7 deletions(-)
(limited to 'src/xss')
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 8e2598e..93d32d9 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -741,7 +741,7 @@ XSS.InjectionChecker = (async () => {
 checkJS: function(s, unescapedUni) {
 this.log(s);
- if (/\?name\b[\s\S]*:|[^&?]\bname\b/.test(s)) {
+ if (/[=\(](?:[\s\S]*(?:\?name\b[\s\S]*:|[^&?]\bname\b)|name\b)/.test(s)) {
 this.nameAssignment = true;
 }
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index 94e33fa..89f13f7 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -61,8 +61,9 @@ var XSS = (() => {
 let block = !!(reasons.urlInjection || reasons.postInjection)
 if (reasons.protectName) {
- RequestUtil.executeOnStart(request, {
- file: "/xss/sanitizeName.js",
+ await include("bg/COntentScriptOnce.js");
+ await ContentScriptOnce.execute(request, {
+ js: [{file: "/xss/sanitizeName.js"}],
 });
 if (!block) return ALLOW;
 }
diff --git a/src/xss/sanitizeName.js b/src/xss/sanitizeName.js
index 22185f4..4f36cbf 100644
--- a/src/xss/sanitizeName.js
+++ b/src/xss/sanitizeName.js
@@ -1,4 +1,9 @@
-if (/[<"'\`(=:]/.test(window.name)) {
- console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
- window.name = "";
-}
+ns.on("perms", event => {
+ if (ns.allows("script")) {
+ let name = ns.getWindowName();
+ if (/[<"'\`(=:]/.test(name)) {
+ console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
+ window.name = window.name.substring(0, window.name.length - name.length);
+ }
+ }
+});
-- cgit v1.2.3
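Review bot: The widened pattern in checkJS puts an unanchored `[=\(]` in front of `[\s\S]*`, which in turn precedes `\?name\b[\s\S]*:`, so a long input with many `=`/`(` and `?name` but no later `:` makes the engine rescan the whole tail from every start position. checkJS appears to run on request-derived strings, so that cost would be reachable from untrusted input (inferred; the callers are outside the hunk). Locating the first `=`/`(` once and testing only the remainder should match the same inputs with one less level of backtracking: `const i = s.search(/[=(]/);` followed by `if (i !== -1 && /^name\b|\?name\b[\s\S]*:|[^&?]\bname\b/.test(s.slice(i + 1))) {`. A one-line comment stating that `name` only counts after an assignment or call opener would also help; the rest of checkJS lies outside the hunk.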
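Review bot: The path passed to `include` is spelled `bg/COntentScriptOnce.js` while the object used on the next line is `ContentScriptOnce`; if the file is named after the object, the load fails wherever paths are case-sensitive and sanitizeName.js is never injected. Suggest `await include("bg/ContentScriptOnce.js");` after confirming the real file name. Both new calls are awaited with no error handling, so a rejection skips `if (!block) return ALLOW;` and leaves the outcome to the caller; a `try`/`catch` that logs the failure and makes the fallback explicit would keep the window.name protection from failing silently. The enclosing function starts outside the hunk, so whether it is declared `async` cannot be confirmed here.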
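Review bot: The new assignment `window.name = window.name.substring(0, window.name.length - name.length);` assumes the value returned by `ns.getWindowName()` is always a suffix of `window.name`, which nothing in this file checks. If the two ever differ, the wrong characters are cut and part of the suspicious value stays in place. Guard it with `if (window.name.endsWith(name))` and fall back to `window.name = "";` otherwise, and add a comment describing what the retained prefix holds. Sanitizing now waits for the `perms` event, so it is worth confirming that this handler runs before page scripts can read `window.name`.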