This repository was archived by the owner on Jul 20, 2022. It is now read-only.
File tree Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Expand file tree Collapse file tree 1 file changed +4
-3
lines changed Original file line number Diff line number Diff line change @@ -57,11 +57,12 @@ def registerExtenderCallbacks(self, callbacks):
5757
5858 # pattern: replacement passed into re.sub()
5959 self .sinkPatterns = {
60- r'\.innerHTML\s*=([^=])' : r'.innerHTML=QF9iYXlvdG9w.innerHTML=\1' ,
60+ r'\.innerHTML\s*=([^=])' : r'.innerHTML=QF9iYXlvdG9w.innerHTML=\1' ,
6161 r'eval\(([^)])' : r'eval(QF9iYXlvdG9w.eval=\1' ,
6262 r'document\.write\(([^)])' : r'document.write(QF9iYXlvdG9w.write=\1' ,
63- # r'\$\(([^)])': r'$(QF9iYXlvdG9w.jQuery=\1' # Disabled by default because of excessive usage -> logs way to much stuff
64- r'(\$|jQuery)(\((?:[^;]*))\.(add|append|after|before|html|prepend|replaceWith|wrap|wrapAll)\(([^)])' : r'\1\2.\3(QF9iYXlvdG9w.jQuery_\3=\4' ,
63+ r'(document|window)\.location(?:\.href)?\s*=([^=])' : r'\1.location=QF9iYXlvdG9w.location=\2' ,
64+ r'(window|document)\.location\.replace\(([^)])' : r'\1.location.replace(QF9iYXlvdG9w.location=\2' ,
65+ # Other jQuery sinks will eventually pass data to innerHTML or eval() (globalEval uses "indirect" as eval alias)
6566 r'(\$|jQuery)\.(globalEval|parseHTML)\(([^)])' : r'\1.\2(QF9iYXlvdG9w.jQuery_\2=\3'
6667 }
6768
You can’t perform that action at this time.
0 commit comments