[XSS] More resilient name handling.

hackademix · hackademix · commit d6b62766d18f · 2022-02-04T00:17:05.000+01:00
diff --git a/src/nscl b/src/nscl
@@ -1 +1 @@
-Subproject commit 1f5b1bbe32d808270854cb4f0e3b3af8fa8af3d7
+Subproject commit fa49ecb52140aa80db30a7fa834f6358acc94a13
diff --git a/src/xss/XSS.js b/src/xss/XSS.js
@@ -118,10 +118,14 @@ var XSS = (() => {
 
       if (reasons.protectName) {
         await include("/nscl/service/ContentScriptOnce.js");
-        await ContentScriptOnce.execute(request, {
-          js: [{file: "/xss/sanitizeName.js"}],
-        });
-        if (!block) return ALLOW;
+        try {
+          await ContentScriptOnce.execute(request, {
+            js: [{file: "/xss/sanitizeName.js"}],
+          });
+          if (!block) return ALLOW;
+        } catch (e) {
+          error(e, "Sanitizing name in request", request.url);
+        }
       }
       if (reasons.urlInjection) data.push(`(URL) ${unescapedDest}`);
       if (reasons.postInjection) data.push(`(POST) ${reasons.postInjection}`);
