Mirrors
/
noscript
mirror of https://github.com/hackademix/noscript.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Make XSS timeouts fatal and reported.

This commit is contained in:
hackademix 2019-05-28 00:48:27 +02:00
parent 37d148e3af
commit 4d4fa3c6ed
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/xss/XSS.js
View File

@ -58,7 +58,7 @@ var XSS = (() => {
data = [];
} catch (e) {
error(e, "XSS filter processing %o", xssReq);
if (e instanceof TimingException) {
if (e instanceof TimingException && !/\btimeout\b/i.test(e.message)) {
// we don't want prompts if the request expired / errored first
return;
}
@ -256,6 +256,7 @@ var XSS = (() => {
let ic = new (await this.InjectionChecker)();
let {timing} = ic;
timingsMap.set(request.id, timing);
timing.fatalTimeout = true;
let postInjection = xssReq.isPost &&
request.requestBody && request.requestBody.formData &&