diff --git a/lib/helpers/isURLSameOrigin.js b/lib/helpers/isURLSameOrigin.js
index a9a8e184c7..f1d89ad19d 100644
--- a/lib/helpers/isURLSameOrigin.js
+++ b/lib/helpers/isURLSameOrigin.js
@@ -1,7 +1,6 @@
'use strict';
var utils = require('./../utils');
-var isValidXss = require('./isValidXss');
module.exports = (
utils.isStandardBrowserEnv() ?
@@ -22,10 +21,6 @@ module.exports = (
function resolveURL(url) {
var href = url;
- if (isValidXss(url)) {
- throw new Error('URL contains XSS injection attempt');
- }
-
if (msie) {
// IE needs attribute set twice to normalize properties
urlParsingNode.setAttribute('href', href);
diff --git a/lib/helpers/isValidXss.js b/lib/helpers/isValidXss.js
deleted file mode 100644
index 3c834a7cfa..0000000000
--- a/lib/helpers/isValidXss.js
+++ /dev/null
@@ -1,7 +0,0 @@
-'use strict';
-
-module.exports = function isValidXss(requestURL) {
- var xssRegex = /(\b)(on\w+)=|javascript|(<\s*)(\/*)script/gi;
- return xssRegex.test(requestURL);
-};
-
diff --git a/test/specs/helpers/isURLSameOrigin.spec.js b/test/specs/helpers/isURLSameOrigin.spec.js
index ab43472636..c26c770351 100644
--- a/test/specs/helpers/isURLSameOrigin.spec.js
+++ b/test/specs/helpers/isURLSameOrigin.spec.js
@@ -8,10 +8,4 @@ describe('helpers::isURLSameOrigin', function () {
it('should detect different origin', function () {
expect(isURLSameOrigin('https://github.com/axios/axios')).toEqual(false);
});
-
- it('should detect XSS scripts on a same origin request', function () {
- expect(function() {
- isURLSameOrigin('https://github.com/axios/axios?');
- }).toThrowError(Error, 'URL contains XSS injection attempt')
- });
});
diff --git a/test/specs/helpers/isValidXss.spec.js b/test/specs/helpers/isValidXss.spec.js
deleted file mode 100644
index dcfcf9d772..0000000000
--- a/test/specs/helpers/isValidXss.spec.js
+++ /dev/null
@@ -1,25 +0,0 @@
-var isValidXss = require('../../../lib/helpers/isValidXss');
-
-describe('helpers::isValidXss', function () {
- it('should detect script tags', function () {
- expect(isValidXss("")).toBe(true);
- expect(isValidXss("")).toBe(true);
- expect(isValidXss("")).toBe(true);
- expect(isValidXss("xss")).toBe(true);
- expect(isValidXss("")).toBe(true);
- expect(isValidXss("onerror=alert('XSS')")).toBe(true);
- expect(isValidXss("Click Me")).toBe(true);
- });
-
- it('should not detect non script tags', function() {
- expect(isValidXss("/one/?foo=bar")).toBe(false);
- expect(isValidXss(" tags")).toBe(false);
- expect(isValidXss("")).toBe(false);
- expect(isValidXss(">>> safe <<<")).toBe(false);
- expect(isValidXss("<<< safe >>>")).toBe(false);
- expect(isValidXss("my script rules")).toBe(false);
- expect(isValidXss("")).toBe(false);
- expect(isValidXss("MyTitle
")).toBe(false);
- expect(isValidXss("")).toBe(false);
- })
-});