src/xss/sanitizeName.js


1
2
3
4
5
6
7
8
9

ns.on("capabilities", event => {
  if (ns.allows("script")) {
    let name = ns.getWindowName();
    if (/[<"'\`(=:]/.test(name)) {
      console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
      window.name = window.name.substring(0, window.name.length - name.length);
    }
  }
});