From d299436a08a90d29cbff252e13fd387044003a9e Mon Sep 17 00:00:00 2001 From: hackademix Date: Sun, 24 Mar 2019 23:35:05 +0100 Subject: Better detection of privileged URLs in the XSS filter. --- src/xss/XSS.js | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src/xss') diff --git a/src/xss/XSS.js b/src/xss/XSS.js index 3d9068f..18630fa 100644 --- a/src/xss/XSS.js +++ b/src/xss/XSS.js @@ -179,6 +179,9 @@ var XSS = (() => { let unescapedDest = unescape(destUrl); let srcOrigin = srcObj ? srcObj.origin : ""; + if (srcOrigin === "null") { + srcOrigin = srcObj.href.replace(/[\?#].*/, ''); + } let destOrigin = destObj.origin; let isGet = method === "GET"; -- cgit v1.2.3