[Fixed] XSS filter False Positive

Bug reports and enhancement requests
Post Reply
barbaz
Senior Member
Posts: 9871
Joined: Sat Aug 03, 2013 5:45 pm

[Fixed] XSS filter False Positive

Post by barbaz » Sat Mar 27, 2021 9:50 pm

Clicking this link trips the XSS filter - https://valadoc.org/gtk+-3.0/Gtk.Window ... tle.html#!

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from https://forums.informaction.com to https://valadoc.org.

Suspicious data:

(URL) https://valadoc.org/gtk+-3.0/Gtk.Window.set_title.html#!
But I don't see any part of the "suspicious data" looks like XSS?

NoScript 11.2.4rc5 + FF 87.0 here.
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
Giorgio Maone
Site Admin
Posts: 9065
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: XSS filter False Positive

Post by Giorgio Maone » Thu Apr 01, 2021 10:37 pm

Please check latest development build:

v 11.2.5rc1
============================================================
x Configurable "csspp0" capability to for sites where the
CSS PP0 mitigation should be disabled (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
operator pre-checks
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0

barbaz
Senior Member
Posts: 9871
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS filter False Positive

Post by barbaz » Fri Apr 02, 2021 12:43 am

Fixed, thanks Image
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply