[XSS] Fix Base64 hash checks interfering with query string checks (thanks barbaz for reporting).

This commit is contained in:
hackademix 2023-06-29 17:33:09 +02:00
parent bdda426611
commit c4d8605e51
No known key found for this signature in database
GPG Key ID: 231A83AFDA9C2434
1 changed files with 1 additions and 1 deletions

View File

@ -934,7 +934,7 @@ XSS.InjectionChecker = (async () => {
url = url.substring(0, hashPos); url = url.substring(0, hashPos);
} }
let parts = url.substring(0, hashPos).split(/[&;]/); // check query string let parts = url.split(/[&;]/); // check query string
for (let p of parts) { for (let p of parts) {
var pos = p.indexOf("="); var pos = p.indexOf("=");
if (pos > -1) p = p.substring(pos + 1); if (pos > -1) p = p.substring(pos + 1);