Merge pull request #701 from CybercentreCanada/bugfix/formaction-url
Adding regex check that form action is indeed a URL
cccs-kevin authored Mar 1, 2024
2 parents 2685c68 + d2969b9 commit 8fcc78e
Showing 1 changed file with 2 additions and 2 deletions.
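--- a/jsjaws.py
+++ b/jsjaws.py
@@ -4435,7 +4435,7 @@ def _hunt_for_suspicious_forms(self, soup: BeautifulSoup) -> None:
 if not value:
 continue
 # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attributes_for_form_submission
-if key == "action":
+if key == "action" and re.match(FULL_URI, value):
 form_has_action = True
 if self.single_script_with_unescape:
 # A form with an action was created from a single script that used an unescape AND the form
@@ -4462,7 +4462,7 @@ def _hunt_for_suspicious_forms(self, soup: BeautifulSoup) -> None:
 if not value:
 continue
 # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#action
-if key == "formaction":
+if key == "formaction" and re.match(FULL_URI, value):
 form_has_action = True
 if self.single_script_with_unescape:
 # A form with an action was created from a single script that used an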
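Review bot: The new guard `re.match(FULL_URI, value)` in the `action` branch tests the raw attribute value, so whether `form_has_action` is set now depends entirely on what FULL_URI accepts, and that pattern is not visible in either hunk. `re.match` anchors only at the start of the string, so it says nothing about what follows a URL-like prefix, and an absolute URL padded with whitespace (which browsers trim before resolving the attribute) or a scheme-relative target may not match, in which case a form that still submits off-site would no longer be counted. I would normalise before matching, e.g. `if key == "action" and re.match(FULL_URI, value.strip()):`, with a short comment stating that relative actions are skipped on purpose; the `formaction` branch in the second hunk repeats the same condition and needs the same change. A regression test covering a plain absolute URL, a whitespace-padded one and a relative path would pin the intended coverage. The body of `_hunt_for_suspicious_forms` starts and ends outside both hunks, so any normalisation done earlier in the loop is not visible here.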
