[XSS] Fix Base64 hash checks interfering with query string checks (thanks barbaz for reporting).
This commit is contained in:
parent
bdda426611
commit
c4d8605e51
|
@ -934,7 +934,7 @@ XSS.InjectionChecker = (async () => {
|
||||||
url = url.substring(0, hashPos);
|
url = url.substring(0, hashPos);
|
||||||
}
|
}
|
||||||
|
|
||||||
let parts = url.substring(0, hashPos).split(/[&;]/); // check query string
|
let parts = url.split(/[&;]/); // check query string
|
||||||
for (let p of parts) {
|
for (let p of parts) {
|
||||||
var pos = p.indexOf("=");
|
var pos = p.indexOf("=");
|
||||||
if (pos > -1) p = p.substring(pos + 1);
|
if (pos > -1) p = p.substring(pos + 1);
|
||||||
|
|
Loading…
Reference in New Issue