Make XSS timeouts fatal and reported.
This commit is contained in:
parent
37d148e3af
commit
4d4fa3c6ed
|
@ -58,7 +58,7 @@ var XSS = (() => {
|
||||||
data = [];
|
data = [];
|
||||||
} catch (e) {
|
} catch (e) {
|
||||||
error(e, "XSS filter processing %o", xssReq);
|
error(e, "XSS filter processing %o", xssReq);
|
||||||
if (e instanceof TimingException) {
|
if (e instanceof TimingException && !/\btimeout\b/i.test(e.message)) {
|
||||||
// we don't want prompts if the request expired / errored first
|
// we don't want prompts if the request expired / errored first
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -256,6 +256,7 @@ var XSS = (() => {
|
||||||
let ic = new (await this.InjectionChecker)();
|
let ic = new (await this.InjectionChecker)();
|
||||||
let {timing} = ic;
|
let {timing} = ic;
|
||||||
timingsMap.set(request.id, timing);
|
timingsMap.set(request.id, timing);
|
||||||
|
timing.fatalTimeout = true;
|
||||||
|
|
||||||
let postInjection = xssReq.isPost &&
|
let postInjection = xssReq.isPost &&
|
||||||
request.requestBody && request.requestBody.formData &&
|
request.requestBody && request.requestBody.formData &&
|
||||||
|
|
Loading…
Reference in New Issue