| skipped 783 lines |
784 | 784 | | _temp = value |
785 | 785 | | if decode_first: |
786 | 786 | | value = urldecode(value) |
| 787 | + | if conf.safe_chars: |
| 788 | + | safe = f"{safe}{conf.safe_chars}" |
787 | 789 | | if ( |
788 | 790 | | injection_type |
789 | 791 | | and injection_type not in ["HEADER", "COOKIE"] |
| skipped 323 lines |
1113 | 1115 | | if conf.backend == "Microsoft SQL Server" and injection_type == "POST" |
1114 | 1116 | | else "/=*?&:;,+" |
1115 | 1117 | | ) |
1116 | | - | if conf.safe_chars: |
1117 | | - | safe = f"{conf.safe_chars}{safe}" |
1118 | 1118 | | if not is_json and not key == "#1*": |
1119 | 1119 | | text = urlencode( |
1120 | 1120 | | value=text, |
| skipped 949 lines |