From e8194aecf034e824751d7da75c35264d81c4f171 Mon Sep 17 00:00:00 2001 From: Raymond Hill Date: Wed, 14 Feb 2024 14:43:29 -0500 Subject: [PATCH] Further improve detection of forbidden `report-xxx` usage in filters As per feedback from https://github.com/distinctmondaylila --- src/js/static-filtering-parser.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/js/static-filtering-parser.js b/src/js/static-filtering-parser.js index 67f82ce69..cc955c5f6 100644 --- a/src/js/static-filtering-parser.js +++ b/src/js/static-filtering-parser.js @@ -896,8 +896,8 @@ export class AstFilterParser { this.reResponseheaderPattern = /^\^responseheader\(.*\)$/; this.rePatternScriptletJsonArgs = /^\{.*\}$/; this.reGoodRegexToken = /[^\x01%0-9A-Za-z][%0-9A-Za-z]{7,}|[^\x01%0-9A-Za-z][%0-9A-Za-z]{1,6}[^\x01%0-9A-Za-z]/; - this.reBadCSP = /(?:^|;)\s*report-(?:to|uri)\b/i; - this.reBadPP = /(?:^|;)\s*report-to\b/i; + this.reBadCSP = /(?:^|[;,])\s*report-(?:to|uri)\b/i; + this.reBadPP = /(?:^|[;,])\s*report-to\b/i; this.reNoopOption = /^_+$/; this.scriptletArgListParser = new ArgListParser(','); }