From 37d148e3af8f33f9a8b89ebc392b869c30dafb54 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Tue, 28 May 2019 00:48:00 +0200
Subject: Fixed JSON parsing preamble regression.
---
 src/xss/InjectionChecker.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/xss')
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index d750232..ae5fea0 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -172,7 +172,8 @@ XSS.InjectionChecker = (async () => {
 const toStringRx = /^function\s*toString\(\)\s*{\s*\[native code\]\s*\}$/;
 // optimistic case first, one big JSON block
- let m = s.match(/{[^]+}|\[\s*{[^]+}\s*\]/);
+ s = s.replace(/[^{"]+=/, "")
+ let m = s.match(/{[^]+}|\[[^]*{[^]*}[^]*\]/);
 if (!m) return s;
 // semicolon-separated JSON chunks, like on syndication.twitter.com
--
cgit v1.2.3
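Review bot: The added `s = s.replace(/[^{"]+=/, "")` overwrites the input before the match, so the early `if (!m) return s;` now returns the stripped text rather than what was passed in. The pattern is unanchored and greedy, so it removes the first run of characters other than `{` and `"` that ends in `=` wherever it sits, not only a leading `name=` preamble; if callers scan the return value for injections (not visible in this hunk), the removed text is no longer inspected. If the preamble is always at the start, consider keeping the original and anchoring the strip, e.g. `const body = s.replace(/^[^{"]+=/, "");` followed by `let m = body.match(...)`, with `return s` left on the untouched input and a comment naming the preamble shape this is meant to cover. Separately, the widened `\[[^]*{[^]*}[^]*\]` alternative has three adjacent greedy runs and may backtrack heavily on long inputs that contain `[` but no closing `]`. The function body continues outside the hunk, so later uses of `s` need the same check.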