OEIS & too aggressive anti-XSS

Bug reports and enhancement requests
Post Reply
mmk
Posts: 1
Joined: Wed Jun 28, 2017 7:49 am

OEIS & too aggressive anti-XSS

Post by mmk »

Hi,

both NS 5.0.5 / 5.0.6rc4 copy-pasted url:

Code: Select all

http://oeis.org/wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity)
rewrite as:

Code: Select all

http://oeis.org/wiki/Omega_n_,_number_of_prime_factors_of_n_with_multiplicity#4942368359429259376
Below log from Firefox 54.0 console:

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity) (function anonymous( ) { wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity) /* COMMENT_TERMINATOR */ DUMMY_EXPR })

[NoScript XSS] Wyczyszczone podejrzane żądania. Oryginalny URL [http://oeis.org/wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity)] żądany z [[System Principal]]. Wyczyszczony URL: [http://oeis.org/wiki/Omega%20n%20,_number_of_prime_factors_of_n_%20with_multiplicity%20#1740810798906831164].

GET  http://oeis.org/wiki/Omega%20n%20,_number_of_prime_factors_of_n_%20with_multiplicity%20#1740810798906831164 [HTTP/1.1 301 Moved Permanently 213 ms]

GET  http://oeis.org/wiki/Omega_n_,_number_of_prime_factors_of_n_with_multiplicity#1740810798906831164 [HTTP/1.1 404 Not Found 943 ms]
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Top
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: OEIS & too aggressive anti-XSS

Post by barbaz »

workaround: NoScript Options > Advanced > XSS, add this exception

Code: Select all

^https?://oeis\.org/wiki/
*Always* check the changelogs BEFORE updating that important software!
-
Top
Post Reply

Return to “NoScript Development”