[XSS] More resilient name handling.

This commit is contained in:
hackademix 2022-02-04 00:17:05 +01:00
parent 942510f035
commit d6b62766d1
2 changed files with 9 additions and 5 deletions

@ -1 +1 @@
Subproject commit 1f5b1bbe32d808270854cb4f0e3b3af8fa8af3d7
Subproject commit fa49ecb52140aa80db30a7fa834f6358acc94a13

View File

@ -118,10 +118,14 @@ var XSS = (() => {
if (reasons.protectName) {
await include("/nscl/service/ContentScriptOnce.js");
await ContentScriptOnce.execute(request, {
js: [{file: "/xss/sanitizeName.js"}],
});
if (!block) return ALLOW;
try {
await ContentScriptOnce.execute(request, {
js: [{file: "/xss/sanitizeName.js"}],
});
if (!block) return ALLOW;
} catch (e) {
error(e, "Sanitizing name in request", request.url);
}
}
if (reasons.urlInjection) data.push(`(URL) ${unescapedDest}`);
if (reasons.postInjection) data.push(`(POST) ${reasons.postInjection}`);