[XSS] Fix false positive on Microsoft authentication (thanks GrK and Hanna_Payne for reporting).

hackademix 2022-01-30 00:34:14 +01:00
parent e34405ab2e
commit 962cfda0b7
1 changed files with 1 additions and 1 deletions


@ -886,7 +886,7 @@ XSS.InjectionChecker = (async () => {
l = l.replace(/[^=]*=\s*/i, '').replace(/[\u0000-\u001f]/g, ''); l = l.replace(/[^=]*=\s*/i, '').replace(/[\u0000-\u001f]/g, '');
l = /^["']/.test(l) ? l.replace(/^(['"])([^]*?)\1[^]*/g, '$2') : l.replace(/[\s>][^]*/, ''); l = /^["']/.test(l) ? l.replace(/^(['"])([^]*?)\1[^]*/g, '$2') : l.replace(/[\s>][^]*/, '');
if (/^(?:javascript|data):|\[[^]+\]/i.test(l) || /[<'"(]/.test(unescape(l)) && await this.checkUrl(l)) return true; if (/^(?:javascript|data):/i.test(l) || /[<'"([]/.test(unescape(l)) && await this.checkUrl(l)) return true;
} }
} }
return this._rxCheck("HTML", s) || this._rxCheck("Globals", s); return this._rxCheck("HTML", s) || this._rxCheck("Globals", s);
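Review bot: On the changed `if` line (the second printed form, which appears to be the new side), a value containing square brackets is no longer flagged outright; it is reported only when `this.checkUrl(l)` also returns true, so bracket-based payloads are caught only if `checkUrl` recognises them, and its body is not visible in this hunk. Since this narrows an XSS filter to clear a false positive, I would pair it with regression cases in both directions: the Microsoft authentication URL that must pass, and a bracket-bearing attribute value that must still be reported. The condition also mixes `||` and `&&` without grouping and leaves a bare `[` inside a character class; `if (/^(?:javascript|data):/i.test(l) || (/[<'"(\[]/.test(unescape(l)) && await this.checkUrl(l))) return true;` behaves the same and reads unambiguously. A short comment such as `// brackets alone caused false positives (Microsoft authentication); defer to checkUrl()` would record why the unconditional bracket test was dropped. The enclosing function starts and ends outside the hunk.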