[XSS] Make InjectionChecker's regular expressions easier to debug.

Author: hackademix

src/nscl

@@ -47,7 +47,7 @@ include("InjectionChecker.js");
       let ic = new (await XSS.InjectionChecker)();
 
       if (debugging) {
-        ic.logEnabled = true;
+        ic.debugging = true;
         debug("[XSS] InjectionCheckWorker started in %s ms (%s).",
           Date.now() - xssReq.timestamp, destUrl);
       } else {
@@ -91,7 +91,7 @@ include("InjectionChecker.js");
     if (msg.handler in Handlers) try {
       await Handlers[msg.handler](msg);
     } catch (e) {
-      postMessage({error: e.message});
+      postMessage({error: `${e.message}\n${e.stack}`});
     }
   }
 

src/xss/InjectionCheckWorker.js

@@ -22,6 +22,7 @@ XSS.InjectionChecker = (async () => {
   await include([
     "/nscl/common/SyntaxChecker.js",
     "/nscl/common/Base64.js",
+    "/nscl/common/DebuggableRegExp.js",
     "/nscl/common/Timing.js",
     "/xss/FlashIdiocy.js",
     "/xss/ASPIdiocy.js",
@@ -83,6 +84,18 @@ XSS.InjectionChecker = (async () => {
       this.log = v ? this._log : function() {};
     },
 
+    _debugging: false,
+    get debugging() {
+      return this._debugging;
+    },
+    set debugging(b) {
+      this.logEnabled = b;
+      for (const rx of ["_maybeJSRx", "_riskyOperatorsRx"]) {
+        if (this[rx].originalRx) this[rx] = this[rx].originalRx;
+        if (b) this[rx] = new DebuggableRegExp(this[rx]);
+      }
+    },
+
     escalate: function(msg) {
       this.log(msg);
       log("[InjectionChecker] ", msg);