Skip to content

Commit 7aeac83

Browse files
hackademixhackademix
committed
[XSS] Simplified preemptive name sanitization.
1 parent ab1a5d4 commit 7aeac83

File tree

1 file changed

+4
-4
lines changed

1 file changed

+4
-4
lines changed

src/xss/sanitizeName.js

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -20,10 +20,10 @@
2020

2121
ns.on("capabilities", event => {
2222
if (ns.allows("script")) {
23-
let name = ns.getWindowName();
24-
if (/[<"'\`(=:]/.test(name)) {
25-
console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, name, document.URL);
26-
window.name = window.name.substring(0, window.name.length - name.length);
23+
let dangerousRx = /[<"'\`(=:]/g;
24+
if (/[<"'\`(=:]/.test(window.name)) {
25+
console.log(`NoScript XSS filter sanitizing suspicious window.name "%s" on %s`, window.name, document.URL);
26+
window.name = window.name.replace(dangerousRx, '');
2727
}
2828
}
2929
});

0 commit comments

Comments
 (0)