Hi,
I get an XSS alert on this page for doing a search for "123678":
https://www.conrad.de/de/Search.html?se ... pe=REGULAR
The reason is that the page is sending the search terms as a parameter to an external service via JS. But there is no XSS at all here. The parameters do not even include any special characters.
These kinds of requests are quite common for tracking services. So probably other sites will have the same issues.
Can you check this and adjust the XSS detection?
Best regards
Roland
[RESOLVED] XSS false positive when input data is sent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:53.0) Gecko/20100101 Firefox/53.0
Re: XSS detection reports false positive when input data is
We need more information to help you.
I cannot reproduce any XSS warning on that site with NoScript latest development build 5.0.6rc4. Do you get this XSS warning with NoScript latest development build?
If so, please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)
*Always* check the changelogs BEFORE updating that important software!
Re: XSS detection reports false positive when input data is
True, the development version fixes the issue. Sorry for the noise.
Re: XSS detection reports false positive when input data is
No problem, thanks for reporting back.