From 37d148e3af8f33f9a8b89ebc392b869c30dafb54 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Tue, 28 May 2019 00:48:00 +0200
Subject: Fixed JSON parsing preamble regression.
---
src/lib/Timing.js | 39 +++++++++++++++++++++++++++++++++++++++
src/xss/InjectionChecker.js | 3 ++-
2 files changed, 41 insertions(+), 1 deletion(-)
create mode 100644 src/lib/Timing.js
(limited to 'src')
diff --git a/src/lib/Timing.js b/src/lib/Timing.js
new file mode 100644
index 0000000..5d09e3a
--- /dev/null
+++ b/src/lib/Timing.js
@@ -0,0 +1,39 @@
+class Timing {
+
+ constructor(workSlot = 4, longTime = 20000, pauseTime = 20) {
+ this.workSlot = workSlot;
+ this.longTime = longTime;
+ this.pauseTime = pauseTime;
+ this.interrupted = false;
+ this.fatalTimeout = false;
+ this.reset();
+ }
+
+ static sleep(ms) {
+ return new Promise(resolve => setTimeout(resolve, ms));
+ }
+
+ async pause() {
+ if (this.interrupted) throw new TimingException("Interrupted");
+ let now = Date.now();
+ this.elapsed = now - this.timeOrigin;
+ if (now - this.lastPause > this.workSlot) {
+ this.tooLong = this.elapsed >= this.longTime;
+ if (this.tooLong && this.fatalTimeout) {
+ throw new TimingException(`Exceeded ${this.longTime}ms timeout`);
+ }
+ await Timing.sleep(this.pauseTime);
+ this.lastPause = Date.now();
+ return true;
+ }
+ return false;
+ }
+
+ reset() {
+ this.elapsed = 0;
+ this.timeOrigin = this.lastPause = Date.now();
+ this.tooLong = false;
+ }
+}
+
+class TimingException extends Error {};
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index d750232..ae5fea0 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
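Review bot: In src/lib/Timing.js, `pause()` and `reset()` take their timestamps from `Date.now()`, which follows the wall clock and is not monotonic, so a clock adjustment during a long check can skew `elapsed` and, with `fatalTimeout` set, raise `TimingException` early or postpone it. A monotonic source avoids that: `this.timeOrigin = this.lastPause = performance.now();` in `reset()`, with `let now = performance.now();` and `this.lastPause = performance.now();` in `pause()`. Separately, `TimingException` never sets `name`, so code that logs it will show a plain `Error`. The class also has no doc comment; one stating that `workSlot`, `longTime` and `pauseTime` are (apparently) milliseconds, and that `pause()` resolves to `true` only when it actually slept, would make the contract readable without tracing the body.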
@@ -172,7 +172,8 @@ XSS.InjectionChecker = (async () => { const toStringRx = /^function\s*toString\(\)\s*{\s*\[native code\]\s*\}$/; // optimistic case first, one big JSON block - let m = s.match(/{[^]+}|\[\s*{[^]+}\s*\]/); + s = s.replace(/[^{"]+=/, "") + let m = s.match(/{[^]+}|\[[^]*{[^]*}[^]*\]/); if (!m) return s; // semicolon-separated JSON chunks, like on syndication.twitter.com -- cgit v1.2.3
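Review bot: The added `s.replace(/[^{"]+=/, "")` is unanchored, so it removes the first run ending in `=` wherever it occurs in `s`, including inside the JSON body after a closing quote, not only a leading preamble. Since this string appears to feed the injection check, dropping text from the middle changes what gets inspected. If only a leading assignment is meant, `s = s.replace(/^[^{"]+=/, "");` restricts it to the start and also supplies the missing semicolon. The widened array branch `\[[^]*{[^]*}[^]*\]` now has three greedy wildcards and can backtrack heavily on long inputs that contain `[` and `{` but no closing `]`, so it is worth a regression test with a large unbalanced string. The enclosing function starts and ends outside this hunk, so how `m` is consumed afterwards is not visible here.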