With the last few development builds I've noticed an increase of XSS warnings.
These are reproducible with 5.0.6RC6:
http://www.ad.nl/buitenland/taxi-rijdt- ... ~a4a4daee/
https://www.consoleshop.nl/product/7853 ... -snes.html
Also I've noticed I need to reload a page when I load a page on my local lan, even if I've allowed the page.
See the linked screenshot:
[RESOLVED] XSS filter problems on various sites?
[RESOLVED] XSS filter problems on various sites?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Re: XSS filter problems on various sites?
Try manually whitelisting the full address with the port -Lizard wrote:Also I've noticed I need to reload a page when I load a page on my local lan, even if I've allowed the page.
Code: Select all
http://diskstation:5000
*Always* check the changelogs BEFORE updating that important software!
-
Re: XSS filter problems on various sites?
Thanks, that seems to work. still strange it also works without the port number after a reload.barbaz wrote:Try manually whitelisting the full address with the port -Lizard wrote:Also I've noticed I need to reload a page when I load a page on my local lan, even if I've allowed the page.Code: Select all
http://diskstation:5000
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Re: XSS filter problems on various sites?
You're welcome.
Regarding the XSS warnings:
When this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)
Regarding the XSS warnings:
When this issue occurs, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)
*Always* check the changelogs BEFORE updating that important software!
-
-
- Posts: 16
- Joined: Wed Aug 04, 2010 9:04 am
Re: XSS filter problems on various sites?
This seems to hit e.g. downloads on github.com quite often. A download of mozregression-gui.exe triggers the XSS protection while Git-2.13.2-64-bit.exe doesn't. Nothing obvious in the console of the browser toolbox.
Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0
Re: XSS filter problems on various sites?
@Archaeopteryx: that might be viewtopic.php?f=10&t=22884
*Always* check the changelogs BEFORE updating that important software!
-
Re: XSS filter problems on various sites?
Here are some logs:
http://www.pcgamer.com/half-life-a-plac ... ease-date/
http://www.pcgamer.com/half-life-a-plac ... ease-date/
http://www.ad.nl/buitenland/taxi-rijdt- ... ~a4a4daee/[NoScript XSS] Sanitized suspicious upload to [https://www.facebook.com/tr/###DATA###SyntaxError: invalid range in character class] from [http://www.pcgamer.com/half-life-a-plac ... _pcgamerfb]: transformed into a download-only GET request.
[NoScript XSS] Sanitized suspicious upload to [https://www.facebook.com/tr/###DATA###SyntaxError: invalid range in character class] from [http://www.ad.nl/buitenland/taxi-rijdt- ... ~a4a4daee/]: transformed into a download-only GET request.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
Re: XSS filter problems on various sites?
Does Marking facebook.net as Untrusted make any difference?
*Always* check the changelogs BEFORE updating that important software!
-
Re: XSS filter problems on various sites?
That seems to remove the xss warnings, thnx
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0