From 3c54e96ff3db1df97684e2bc2e6f9b7eac072271 Mon Sep 17 00:00:00 2001 From: cccs-kevin Date: Wed, 10 Apr 2024 19:46:57 +0000 Subject: [PATCH 1/2] Adding clause where url( quotes will not be double escaped --- jsjaws.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jsjaws.py b/jsjaws.py index 4f6d6e6f..f85358c2 100755 --- a/jsjaws.py +++ b/jsjaws.py @@ -2224,7 +2224,7 @@ def _set_element_attribute_script(attr_id: str, attr_val: str, random_element_va if '"' in attr_val: attr_val = attr_val.replace('"', '\\"') - if "\\" in attr_val: + if "\\" in attr_val and "url(" not in attr_val: attr_val = attr_val.replace("\\", "\\\\") return f'{random_element_varname}.setAttribute("{attr_id}", "{attr_val}");\n' From 6eeb3ae0d4bc30cf8f8c0a189e59f3bd99c27743 Mon Sep 17 00:00:00 2001 From: cccs-kevin Date: Wed, 10 Apr 2024 19:47:37 +0000 Subject: [PATCH 2/2] Adding AJAX handling for finding elements by class name --- tools/malwarejail/env/web/browser.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tools/malwarejail/env/web/browser.js b/tools/malwarejail/env/web/browser.js index 16acc185..7b5fadb6 100644 --- a/tools/malwarejail/env/web/browser.js +++ b/tools/malwarejail/env/web/browser.js @@ -143,6 +143,11 @@ $ = function (thing) { let attribute = split_selector[1]; let element = document.getElementById(id); return element; + } else if (typeof thing === "string" && thing.indexOf(".") === 0) { + // This is a getter for the class! + let class_name = thing.replace(".", ""); + let element = document.getElementById(class_name); + return element; } return document.getElementById(thing); };