From 7aeac83eeb2ad7e5e499eacf0358f23a65373918 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Tue, 8 Feb 2022 11:01:03 +0100
Subject: [PATCH] [XSS] Simplified preemptive name sanitization.
---
 src/xss/sanitizeName.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/xss/sanitizeName.js b/src/xss/sanitizeName.js
index 7eba9c4..457c6cd 100644
--- a/src/xss/sanitizeName.js
+++ b/src/xss/sanitizeName.js
@@ -20,10 +20,10 @@ ns.on("capabilities", event => {
 if (ns.allows("script")) {
- let name = ns.getWindowName();
- if (/[<"'\`(=:]/.test(name)) {
- console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
- window.name = window.name.substring(0, window.name.length - name.length);
+ let dangerousRx = /[<"'\`(=:]/g;
+ if (/[<"'\`(=:]/.test(window.name)) {
+ console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
+ window.name = window.name.replace(dangerousRx, '');
 }
 }
 });
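Review bot: The character class is now written twice in the added lines, once as `dangerousRx` (with `g`) and once as the literal passed to `.test()`, so a later edit that extends only one of them would leave the check and the stripping out of step. Deriving the decision from the replacement keeps a single definition and avoids the `lastIndex` state a `/g` regexp carries through `.test()`: `const sanitized = window.name.replace(dangerousRx, '');`, `if (sanitized !== window.name) {`, `window.name = sanitized;`, with the existing log call kept inside the branch. The removed code sanitized only the part returned by `ns.getWindowName()` and kept the rest of `window.name`, whereas the new code rewrites the whole string, so it is worth confirming that nothing still stores data in that leading part. A one-line comment above `dangerousRx` saying why these particular characters are stripped would also help the next reader.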