Fixed JSON parsing preamble regression.

src/lib/Timing.js

@@ -0,0 +1,39 @@
+class Timing {
+
+  constructor(workSlot = 4, longTime = 20000, pauseTime = 20) {
+    this.workSlot = workSlot;
+    this.longTime = longTime;
+    this.pauseTime = pauseTime;
+    this.interrupted = false;
+    this.fatalTimeout = false;
+    this.reset();
+  }
+
+  static sleep(ms) {
+    return new Promise(resolve => setTimeout(resolve, ms));
+  }
+
+  async pause() {
+    if (this.interrupted) throw new TimingException("Interrupted");
+    let now = Date.now();
+    this.elapsed = now - this.timeOrigin;
+    if (now - this.lastPause > this.workSlot) {
+      this.tooLong = this.elapsed >= this.longTime;
+      if (this.tooLong && this.fatalTimeout) {
+        throw new TimingException(`Exceeded ${this.longTime}ms timeout`);
+      }
+      await Timing.sleep(this.pauseTime);
+      this.lastPause = Date.now();
+      return true;
+    }
+    return false;
+  }
+
+  reset() {
+    this.elapsed = 0;
+    this.timeOrigin = this.lastPause = Date.now();
+    this.tooLong = false;
+  }
+}
+
+class TimingException extends Error {};

src/xss/InjectionChecker.js

@@ -172,7 +172,8 @@ XSS.InjectionChecker = (async () => {
       const toStringRx = /^function\s*toString\(\)\s*{\s*\[native code\]\s*\}$/;
 
       // optimistic case first, one big JSON block
-      let m = s.match(/{[^]+}|\[\s*{[^]+}\s*\]/);
+      s = s.replace(/[^{"]+=/, "")
+      let m = s.match(/{[^]+}|\[[^]*{[^]*}[^]*\]/);
       if (!m) return s;
 
       // semicolon-separated JSON chunks, like on syndication.twitter.com