[XSS] Fix Base64 hash checks interfering with query string checks (thanks barbaz for reporting).

2023-06-29 17:33:09 +02:00 · 2023-06-29 17:33:09 +02:00 · c4d8605e51
parent bdda426611
commit c4d8605e51
1 changed files with 1 additions and 1 deletions
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@ -934,7 +934,7 @@ XSS.InjectionChecker = (async () => {
        url = url.substring(0, hashPos);
      }

-      let parts = url.substring(0, hashPos).split(/[&;]/); // check query string
+      let parts = url.split(/[&;]/); // check query string
      for (let p of parts) {
        var pos = p.indexOf("=");
        if (pos > -1) p = p.substring(pos + 1);