From dc3a767804a8aa8b06541c00ef7c8bf2e288d297 Mon Sep 17 00:00:00 2001
From: hackademix <giorgio@maone.net>
Date: Fri, 8 Sep 2023 15:14:06 +0100
Subject: [PATCH] [XSS] Better specificity of HTML elements preliminary checks.

---
 src/xss/InjectionChecker.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index cfafe20..8f7c689 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -916,7 +916,7 @@ XSS.InjectionChecker = (async () => {
     GlobalsChecker: /https?:\/\/[\S\s]+["'\s\0](?:id|class|data-\w+)[\s\0]*=[\s\0]*("')?\w{3,}(?:[\s\0]|\1|$)|(?:id|class|data-\w+)[\s\0]*=[\s\0]*("')?\w{3,}(?:[\s\0]|\1)[\s\S]*["'\s\0]href[\s\0]*=[\s\0]*(?:"')?https?:\/\//i,
     HTMLChecker: new RegExp("<[^\\w<>]*(?:[^<>\"'\\s]*:)?[^\\w<>]*(?:" + // take in account quirks and namespaces
       fuzzify("script|form|style|svg|marquee|(?:link|object|embed|applet|param|i?frame|base|body|meta|ima?ge?|video|audio|bindings|set|isindex|animate|template") +
-      ")[^>\\w])|['\"\\s\\0/](?:style|innerhtml|data-bind|(?:data-)?mv-(?:\\w+[\\w-]*)|" + IC_EVENT_PATTERN +
+      ")[^>\\w][^>]+=)|['\"\\s\\0/](?:style|innerhtml|data-bind|(?:data-)?mv-(?:\\w+[\\w-]*)|" + IC_EVENT_PATTERN +
       ")[\\s\\0]*=|<%[^]+[=(][^]+%>", "i"),
 
     async checkHTML(s) {