InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

[Fixed] XSS filter False Positive

https://forums.informaction.com/viewtopic.php?t=26281

Page 1 of 1

[Fixed] XSS filter False Positive

Posted: Sat Mar 27, 2021 9:50 pm
by barbaz
Clicking this link trips the XSS filter - https://valadoc.org/gtk+-3.0/Gtk.Window ... tle.html#!

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from https://forums.informaction.com to https://valadoc.org.

Suspicious data:

(URL) https://valadoc.org/gtk+-3.0/Gtk.Window.set_title.html#!
But I don't see any part of the "suspicious data" looks like XSS?

NoScript 11.2.4rc5 + FF 87.0 here.

Re: XSS filter False Positive

Posted: Thu Apr 01, 2021 10:37 pm
by Giorgio Maone
Please check latest development build:

v 11.2.5rc1
============================================================
x Configurable "csspp0" capability to for sites where the
CSS PP0 mitigation should be disabled (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
operator pre-checks

Re: XSS filter False Positive

Posted: Fri Apr 02, 2021 12:43 am
by barbaz
Fixed, thanks Image
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited