Search found 2 matches

by alh
Thu Aug 19, 2010 5:50 pm
Forum: NoScript Development
Topic: [INVALID] Anti-XSS Protection Regex for google unsafe
Replies: 4
Views: 3468

Re: [INVALID] Anti-XSS Protection Regex for google unsafe

In my limited testing I haven't seen this to be the case.

How would the internals even be aware that what comes after google. is a valid TLD as long as the hostname overall is a valid hostname?

google.pzt.com is a valid hostname as far as syntax goes...
by alh
Thu Aug 19, 2010 5:22 pm
Forum: NoScript Development
Topic: [INVALID] Anti-XSS Protection Regex for google unsafe
Replies: 4
Views: 3468

[INVALID] Anti-XSS Protection Regex for google unsafe

The Regex in the Anti-XSS Protection for google: ^https?://([a-z]+)\.google\.(?:[a-z]{1,3}\.)?[a-z]+/(?:search|custom|\1)\? Allows for matches against domains that aren't owned by google. For example, the Anti-XSS protection doesn't work for the following example hostnames: * http://www.google.pzt.c...