[XSS] Fix for old pre-screening optimization exploitable to bypass the filter in recent browsers (thanks Tsubasa FUJII for reporting).

This commit is contained in:
hackademix 2021-01-07 00:58:09 +01:00
parent 404869418c
commit 5499f5fe01
1 changed files with 1 additions and 1 deletions


@ -345,7 +345,7 @@ XSS.InjectionChecker = (async () => {
.replace(this._arrayAccessRx, '_ARRAY_ACCESS_') .replace(this._arrayAccessRx, '_ARRAY_ACCESS_')
.replace(/<([\w:]+)>[^</(="'`]+<\/\1>/g, '<$1/>') // reduce XML text nodes .replace(/<([\w:]+)>[^</(="'`]+<\/\1>/g, '<$1/>') // reduce XML text nodes
.replace(/<!--/g, '') // remove HTML comments preamble (see next line) .replace(/<!--/g, '') // remove HTML comments preamble (see next line)
.replace(/(^(?:[^/]*[=;.+-])?)\s*[\[(]+/g, '$1') // remove leading parens and braces .replace(/(^(?:[^/?]*[=;.+-])?)\s*[\[(]+/g, '$1') // remove leading parens and braces
.replace(this._openIdRx, '_OPENID_SCOPE_=XYZ') .replace(this._openIdRx, '_OPENID_SCOPE_=XYZ')
.replace(/^[^=]*OPENid\.(\w+)=/gi, "OPENid_\1") .replace(/^[^=]*OPENid\.(\w+)=/gi, "OPENid_\1")
.replace(this._gmxRx, '_GMX_-_GMX_'); .replace(this._gmxRx, '_GMX_-_GMX_');
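Review bot: The comment on the changed line still reads `// remove leading parens and braces` while `[\[(]+` strips only `(` and `[` and never `{`, and it says nothing about why the prefix class now excludes `?`; I would reword it to `// strip leading '(' / '[' at string start, or after a [=;.+-] delimiter in a prefix that contains no '/' or '?'`. The fix is a denylist narrowing of a character class, and the prefix may still run across `&`, `#` and whitespace, so it is worth confirming the reported bypass does not reproduce with those separators, though I cannot tell from this hunk whether later stages would catch it. A regression test carrying the reported payload would pin the fix, since this character class is the only thing preventing the pre-screen from dropping a paren that belongs to the injected value. The enclosing `XSS.InjectionChecker` async function starts and ends outside the hunk.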