I just did some development when I came along this behavior when opening phpMyAdmin in a local xampp instance:
NoScript seems to detect "127.0.0.1" (localhost) with "0.1" interpreted as host="0" and tld="1".
It suggests to add a rule for "... .0.1" which in my opinion makes no sense since it would also match "blablabla.0.1".
This behavior seems to be the same for all direct ip address URLs, which makes it even worse (misuse potential: trust for ip a.b.x.y also means trust for any c.d.x.y).
Shouldn't a plain ip address site result in a single rule suggestion including the full ip?
A simple regex could match the ip pattern in the first place.
Screenshot:
https://imgur.com/a/5YneT
Versions:
NoScript: 10.1.6.4
Firefox: 58.0.1
[FIXED] Direct ip address site has a harmful rule suggestion
[FIXED] Direct ip address site has a harmful rule suggestion
Last edited by Giorgio Maone on Sat Feb 10, 2018 7:14 am, edited 2 times in total.
Reason: fix broken image
Reason: fix broken image
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Re: Direct ip address site has a harmful rule suggestion
Fixed in 10.1.6.5rc4.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0