[XSS] Simplified preemptive name sanitization.
This commit is contained in:
parent
ab1a5d4942
commit
7aeac83eeb
|
@ -20,10 +20,10 @@
|
|||
|
||||
ns.on("capabilities", event => {
|
||||
if (ns.allows("script")) {
|
||||
let name = ns.getWindowName();
|
||||
if (/[<"'\`(=:]/.test(name)) {
|
||||
console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
|
||||
window.name = window.name.substring(0, window.name.length - name.length);
|
||||
let dangerousRx = /[<"'\`(=:]/g;
|
||||
if (/[<"'\`(=:]/.test(window.name)) {
|
||||
console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
|
||||
window.name = window.name.replace(dangerousRx, '');
|
||||
}
|
||||
}
|
||||
});
|
||||
|
|
Loading…
Reference in New Issue