[RESOLVED] XSS false positive when input data is sent

gruberroland_nc
Posts: 2
Joined: Tue Jun 06, 2017 11:12 am

Post by gruberroland_nc »

Hi,

I get an XSS alert on this page for doing a search for "123678":

https://www.conrad.de/de/Search.html?se ... pe=REGULAR

The reason is that the page is sending the search terms as a parameter to an external service via JS. But there is no XSS at all here. The parameters do not even include any special characters.
These kinds of requests are quite common for tracking services. So probably other sites will have the same issues.

Can you check this and adjust the XSS detection?


Best regards
Roland
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0) Gecko/20100101 Firefox/53.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS detection reports false positive when input data is

Post by barbaz »

We need more information to help you.

I cannot reproduce any XSS warning on that site with NoScript latest development build 5.0.6rc4. Do you get this XSS warning with NoScript latest development build?

If so, please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)
*Always* check the changelogs BEFORE updating that important software!
gruberroland_nc
Posts: 2
Joined: Tue Jun 06, 2017 11:12 am

Re: XSS detection reports false positive when input data is

Post by gruberroland_nc »

True, the development version fixes the issue. Sorry for the noise. :oops:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0) Gecko/20100101 Firefox/53.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS detection reports false positive when input data is

Post by barbaz »

No problem, thanks for reporting back. :)
*Always* check the changelogs BEFORE updating that important software!