From 888a284f58770d26531a59a9590a62411abb2602 Mon Sep 17 00:00:00 2001
From: hackademix
Date: Thu, 10 Sep 2020 00:30:34 +0200
Subject: [PATCH] [XSS] Fixed escape detection bug causing strage false positives (thanks Dave Howorth for report).
---
 src/xss/InjectionChecker.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/xss/InjectionChecker.js b/src/xss/InjectionChecker.js
index 2a49d67e..497d78cf 100644
--- a/src/xss/InjectionChecker.js
+++ b/src/xss/InjectionChecker.js
@@ -306,7 +306,7 @@ XSS.InjectionChecker = (async () => {
 '\\.' + IC_COMMENT_PATTERN + "src" + IC_COMMENT_PATTERN + '=' +
 IC_EVENT_DOS_PATTERN +
 "|\\b" + fuzzify("onerror") + "\\b[^]*=" +
- "|=[s\\\\[ux]?\d{2}" + // escape (unicode/ascii/octal)
+ "|=\\\\[ux]?\\d{2}" + // escape (unicode/ascii/octal)
 "|\\b(?:toString|valueOf)\\b" + IC_COMMENT_PATTERN + "=[^]*(?:" + IC_EVAL_PATTERN + ")" +
 "|(?:\\)|(?:[^\\w$]|^)[$a-zA-Z_\\u0ff-\\uffff][$\\w\\u0ff-\\uffff]*)" + IC_COMMENT_PATTERN + '=>' + // concise function definition
 "|(?:[^\\w$]|^)" + IC_EVENT_PATTERN + IC_COMMENT_PATTERN + "="
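Review bot: The same kind of string-escaping slip that this commit fixes still appears two context lines below the changed line, where `\\u0ff` in `[$a-zA-Z_\\u0ff-\\uffff][$\\w\\u0ff-\\uffff]*` has only three hex digits. Assuming the RegExp is built without the `u` flag (the constructor call and the rest of the expression lie outside the hunk), that is not read as a code-point escape: the class becomes the literals `u`, `0`, `f` plus the range `f`-`\uffff`, which is broader than an identifier match for the "concise function definition" branch needs and can only add false positives of the sort reported here. If `\u00ff` was intended, the fragment would read `[$a-zA-Z_\\u00ff-\\uffff][$\\w\\u00ff-\\uffff]*`. A regression test pinning the fixed branch (`"|=\\\\[ux]?\\d{2}"` matches a backslash escape after `=` but not a plain `=dd`) would keep a dropped backslash like the old `\d` from returning unnoticed.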