From 20b689d015ea5743099bdafcac0c6ca6519c22db Mon Sep 17 00:00:00 2001
From: hackademix
Date: Fri, 1 Feb 2019 01:16:33 +0100
Subject: Fallback XSS filtering to XSS Auditor since asynchronous webRequest handlers are not supported by Chromium.
---
 src/xss/XSS.js | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'src/xss')
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
index f95ea04..7851e98 100644
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@@ -113,6 +113,8 @@ var XSS = (() => {
 return {
 async start() {
+ if (!UA.isMozilla) return; // async webRequest is supported on Mozilla only
+
 let {onBeforeRequest} = browser.webRequest;
 if (onBeforeRequest.hasListener(requestListener)) return;
-- 
cgit v1.2.3
From 0878ad2b0a0d3af5db66cc6a4f7d882e17a13365 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Fri, 1 Feb 2019 01:17:58 +0100
Subject: Remove usage of non-standard Array methods.
---
 src/xss/InjectionChecker.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
(limited to 'src/xss')
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 181ea49..45ef29b 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -107,11 +107,10 @@ XSS.InjectionChecker = (async () => {
 var bs = {
 nq: new RegExp("[" + def + "]")
 };
- Array.forEach("'\"`", // special treatment for quotes
- function(c) {
- bs[c] = new RegExp("[" + def + c + "]");
- }
- );
+ for (let c of ['"', '"', '`']) {
+ // special treatment for quotes
+ bs[c] = new RegExp("[" + def + c + "]");
+ }
 delete this.breakStops;
 return (this.breakStops = bs);
 },
-- 
cgit v1.2.3
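Review bot: In src/xss/XSS.js the added guard makes `start()` return silently on non-Mozilla browsers, so nothing records that the extension's own XSS filter never attached its `onBeforeRequest` listener. A caller cannot tell an active filter from a skipped one, and the fallback named in the commit message is a browser feature the extension does not control (a site can switch the XSS Auditor off with an `X-XSS-Protection: 0` response header). I would at least leave a trace, e.g. `if (!UA.isMozilla) { console.warn("XSS filter not started: async webRequest unsupported, relying on the browser's XSS Auditor"); return; }`, and surface that state wherever the filter's status is reported, if it is. The rest of `start()` lies outside the hunk.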
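Review bot: In src/xss/InjectionChecker.js the new loop lists the double quote twice and never the single quote, so the `bs` entry keyed by `'` is no longer created, whereas the removed `Array.forEach` call iterated over the single quote, the double quote and the backtick. A lookup of `breakStops` by a single-quote delimiter would then yield `undefined`, which presumably either throws or skips the break-stop match for single-quoted contexts in the injection checker; the consumers are outside this hunk, so that needs confirming. The loop header should read ``for (let c of ["'", '"', '`']) {``. The enclosing accessor begins before the hunk.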