Adding regex check that form action is indeed a URL
cccs-kevin committed Mar 1, 2024
1 parent 7f1fbba commit d2969b9
Showing 1 changed file with 2 additions and 2 deletions.
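--- a/jsjaws.py
+++ b/jsjaws.py
@@ -4427,7 +4427,7 @@ def _hunt_for_suspicious_forms(self, soup: BeautifulSoup) -> None:
 if not value:
 continue
 # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attributes_for_form_submission
-if key == "action":
+if key == "action" and re.match(FULL_URI, value):
 form_has_action = True
 if self.single_script_with_unescape:
 # A form with an action was created from a single script that used an unescape AND the form
@@ -4454,7 +4454,7 @@ def _hunt_for_suspicious_forms(self, soup: BeautifulSoup) -> None:
 if not value:
 continue
 # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#action
-if key == "formaction":
+if key == "formaction" and re.match(FULL_URI, value):
 form_has_action = True
 if self.single_script_with_unescape:
 # A form with an action was created from a single script that used an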
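Review bot: The new `re.match(FULL_URI, value)` guard on the `action` branch, and the identical one on `formaction` in the second hunk, is applied to the raw attribute value, so a value that a browser would still resolve to a remote target but that is not literally a full URI at offset 0 (surrounding whitespace, or a scheme-relative `//host/path`) no longer sets `form_has_action` and skips the heuristics below it. `FULL_URI` is defined outside these hunks, so whether it tolerates those forms cannot be seen here; if it does not, normalise before matching, e.g. `if key == "action" and re.match(FULL_URI, value.strip()):`, and decide explicitly how scheme-relative actions should be scored. A one-line comment such as `# only absolute URIs count as an action; relative targets are ignored on purpose` would record the intent for the next maintainer. The body of `_hunt_for_suspicious_forms` starts and ends outside both hunks, so any later use of `form_has_action` is not covered by this note.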
