[XSS] More resilient name handling.

2022-02-04 00:17:05 +01:00 · 2022-02-04 00:17:05 +01:00 · d6b62766d1
parent 942510f035
commit d6b62766d1
2 changed files with 9 additions and 5 deletions
--- a/src/nscl
+++ b/src/nscl
@ -1 +1 @@
-Subproject commit 1f5b1bbe32d808270854cb4f0e3b3af8fa8af3d7
+Subproject commit fa49ecb52140aa80db30a7fa834f6358acc94a13
--- a/src/xss/XSS.js
+++ b/src/xss/XSS.js
@ -118,10 +118,14 @@ var XSS = (() => {

      if (reasons.protectName) {
        await include("/nscl/service/ContentScriptOnce.js");
-        await ContentScriptOnce.execute(request, {
-          js: [{file: "/xss/sanitizeName.js"}],
-        });
-        if (!block) return ALLOW;
+        try {
+          await ContentScriptOnce.execute(request, {
+            js: [{file: "/xss/sanitizeName.js"}],
+          });
+          if (!block) return ALLOW;
+        } catch (e) {
+          error(e, "Sanitizing name in request", request.url);
+        }
      }
      if (reasons.urlInjection) data.push(`(URL) ${unescapedDest}`);
      if (reasons.postInjection) data.push(`(POST) ${reasons.postInjection}`);