In my limited testing I haven't seen this to be the case.
How would the internals even be aware that what comes after google. is a valid TLD as long as the hostname overall is a valid hostname?
google.pzt.com is a valid hostname as far as syntax goes...
Search found 2 matches
- Thu Aug 19, 2010 5:50 pm
- Forum: NoScript Development
- Topic: [INVALID] Anti-XSS Protection Regex for google unsafe
- Replies: 4
- Views: 3468
- Thu Aug 19, 2010 5:22 pm
- Forum: NoScript Development
- Topic: [INVALID] Anti-XSS Protection Regex for google unsafe
- Replies: 4
- Views: 3468
[INVALID] Anti-XSS Protection Regex for google unsafe
The Regex in the Anti-XSS Protection for google: ^https?://([a-z]+)\.google\.(?:[a-z]{1,3}\.)?[a-z]+/(?:search|custom|\1)\? Allows for matches against domains that aren't owned by google. For example, the Anti-XSS protection doesn't work for the following example hostnames: * http://www.google.pzt.c...