[XSS] Fixed anti-HPP coalescing wrongly applied to POST requests causing JSON reduction optimization to choke on big payloads.

hackademix 2018-07-12 18:58:57 +02:00
parent 8f6574661d
commit 7e3decc8f4
1 changed files with 2 additions and 2 deletions


@ -183,7 +183,7 @@ XSS.InjectionChecker = (async () => {
return this.reduceJSON(s.replace(expr, REPL));
}
} catch (e) {}
let iterations = 0;
for (;;) {
let prev = s;
let start = s.indexOf("{");
@ -1002,7 +1002,7 @@ XSS.InjectionChecker = (async () => {
return true;
}
if (s.indexOf("coalesced:") !== 0) {
if (!isPost && s.indexOf("coalesced:") !== 0) {
let coalesced = ASPIdiocy.coalesceQuery(s);
if (coalesced !== s && this.checkRecursive("coalesced:" + coalesced, depth, isPost))
return true;
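Review bot: The new `!isPost &&` guard on the `coalesced:` check turns off the anti-HPP pass for every POST body, not only for the large JSON payloads named in the commit title. If `ASPIdiocy.coalesceQuery` emulates server-side merging of duplicate parameters (inferred from its name; its body is not shown), url-encoded form bodies lose that check as well, so the reason should be recorded at the condition, e.g. `// anti-HPP coalescing is for query strings only: on POST bodies it made reduceJSON choke on big payloads`. A regression test with a large JSON POST body and another with a query string carrying repeated parameters would pin both sides of the change. The enclosing `if` block and function continue outside the hunk.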