[XSS] More resilient name handling.
This commit is contained in:
parent
942510f035
commit
d6b62766d1
2
src/nscl
2
src/nscl
|
@ -1 +1 @@
|
|||
Subproject commit 1f5b1bbe32d808270854cb4f0e3b3af8fa8af3d7
|
||||
Subproject commit fa49ecb52140aa80db30a7fa834f6358acc94a13
|
|
@ -118,10 +118,14 @@ var XSS = (() => {
|
|||
|
||||
if (reasons.protectName) {
|
||||
await include("/nscl/service/ContentScriptOnce.js");
|
||||
await ContentScriptOnce.execute(request, {
|
||||
js: [{file: "/xss/sanitizeName.js"}],
|
||||
});
|
||||
if (!block) return ALLOW;
|
||||
try {
|
||||
await ContentScriptOnce.execute(request, {
|
||||
js: [{file: "/xss/sanitizeName.js"}],
|
||||
});
|
||||
if (!block) return ALLOW;
|
||||
} catch (e) {
|
||||
error(e, "Sanitizing name in request", request.url);
|
||||
}
|
||||
}
|
||||
if (reasons.urlInjection) data.push(`(URL) ${unescapedDest}`);
|
||||
if (reasons.postInjection) data.push(`(POST) ${reasons.postInjection}`);
|
||||
|
|
Loading…
Reference in New Issue