From d2969b90359599bfa76e836a91aa9aca1847325f Mon Sep 17 00:00:00 2001
From: cccs-kevin
Date: Fri, 1 Mar 2024 13:33:56 +0000
Subject: [PATCH] Adding regex check that form action is indeed a URL
---
 jsjaws.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/jsjaws.py b/jsjaws.py
index 5baa3b43..ab26fcd5 100755
--- a/jsjaws.py
+++ b/jsjaws.py
@@ -4427,7 +4427,7 @@ def _hunt_for_suspicious_forms(self, soup: BeautifulSoup) -> None:
 if not value:
 continue
 # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attributes_for_form_submission
- if key == "action":
+ if key == "action" and re.match(FULL_URI, value):
 form_has_action = True
 if self.single_script_with_unescape:
 # A form with an action was created from a single script that used an unescape AND the form
@@ -4454,7 +4454,7 @@ def _hunt_for_suspicious_forms(self, soup: BeautifulSoup) -> None:
 if not value:
 continue
 # https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#action
- if key == "formaction":
+ if key == "formaction" and re.match(FULL_URI, value):
 form_has_action = True
 if self.single_script_with_unescape:
 # A form with an action was created from a single script that used an
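Review bot: In the `action` branch, `re.match(FULL_URI, value)` is applied to the raw attribute value and anchors at its first character, so a value with leading whitespace fails the check even though browsers strip surrounding whitespace before resolving the URL. Assuming FULL_URI (defined outside this hunk) requires a scheme, relative and scheme-relative actions also no longer set `form_has_action`, so the heuristics that follow are skipped for those forms. If that narrowing is intended, record it in a comment such as `# Only absolute URIs count as an action; relative targets are deliberately ignored`; otherwise match on the stripped value, `if key == "action" and re.match(FULL_URI, value.strip()):`. The `formaction` branch in the second hunk adds the same condition and needs the same treatment. `_hunt_for_suspicious_forms` starts and ends outside both hunks.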