diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 3d4303b..a903063 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -293,7 +293,8 @@ XSS.InjectionChecker = (async () => {
 ),
 _maybeJSRx: new RegExp(
- '(?:(?:\\[[^]+\\]|\\.\\D)(?:[^]*\\([^]*\\)|[^*]`[^]+`|[^=]*=[^=][^]*\\S)' +
+ '(?:(?:\\[[^]+\\]|\\.\\D)[^;&/\'"]*(?:/[^]*|)' +
+ '(?:\\([^]*\\)|[^]*`[^]+`|=[^=][^]*\\S)' +
 // double function call
 '|\\([^]*\\([^]*\\)' +
 ')|(?:^|\\W)(?:' + IC_EVAL_PATTERN +
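Review bot: Nothing in the hunk records why the narrower match in the two added literals of `_maybeJSRx` is safe: the new class `[^;&/'"]*` ends the gap after a member access at the first `;`, `&` or quote, and only a following slash re-opens it through `(?:/[^]*|)`, so input with one of those separators and no slash before the call, template literal or assignment no longer hits this alternative. Because this is a detection pattern in the XSS checker, the added lines should carry a why-comment such as `// after a member access allow only chars other than ; & / ' " (or anything once a "/" is seen) before the call/template/assignment`, naming the false positive that motivated it, and the commit should add a regression test with one benign input that used to match and one script-like input that must still match. The added `/[^]*` is also followed by a second `[^]*` in the template-literal branch, so the pattern is worth timing on a long non-matching input that contains many slashes. The `new RegExp(` call opens inside the hunk but its remaining alternatives and closing parenthesis are outside it, so whether another branch still covers what this one drops cannot be judged from these lines.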