XSS filter false positive

Post by barbaz » Fri May 14, 2021 10:11 pm

Doing a DuckDuckGo search from the FF search bar for (content warning)

    Doddy Gatz - Malicious Mackin' (Feat. BAKER) (Prod. Genshin)

... produces this XSS warning -

    NoScript detected a potential Cross-Site Scripting attack

    from [...] to https://duckduckgo.com.

    Suspicious data:

    (URL) https://duckduckgo.com/?t=ffsb&q=Doddy+Gatz+-+Malicious+Mackin'+(Feat.+BAKER)+(Prod.+Genshin)&ia=web

But there's no XSS there.
*Always* check the changelogs BEFORE updating that important software!

Post by barbaz » Fri May 28, 2021 2:24 pm

bump

Post by Giorgio Maone » Fri May 28, 2021 2:32 pm

It's the

    (Feat. BAKER) (Prod. Genshin)

following a potential string break

    Mackin'

looking like a suspicious syntactically valid JavaScript fragment.
Not sure what to do to lower sensitivity here, will think about it.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:89.0) Gecko/20100101 Firefox/89.0
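
The diagnosis above can be reproduced with a small syntax check. This is an added example, not part of the thread and not NoScript's code: the function names and the punctuation regex are assumptions chosen for illustration. It shows that the text after the apostrophe parses as a JavaScript call expression, which is why a syntax-based heuristic flags the query.

```javascript
// Added illustration only; NoScript's real filter is far more elaborate.
// Compile-only syntax check: the Function body is parsed but never called.
function parsesAsJs(fragment) {
  try {
    new Function(fragment);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// For each quote character (a potential string break), test whether the text
// after it is syntactically valid JavaScript containing call, member-access,
// index or assignment punctuation. Bare words are ignored (assumed rule).
function suspiciousTails(value) {
  const hits = [];
  for (let i = 0; i < value.length; i++) {
    if (!"'\"`".includes(value[i])) continue;
    const tail = value.slice(i + 1).trim();
    if (tail && /[(.\[=]/.test(tail) && parsesAsJs(tail)) {
      hits.push({ breakAt: i, tail });
    }
  }
  return hits;
}

// Apply the check to every decoded query parameter of a URL.
function checkUrl(url) {
  const out = [];
  for (const [param, value] of new URL(url).searchParams) {
    for (const hit of suspiciousTails(value)) out.push({ param, ...hit });
  }
  return out;
}

// URL from the NoScript warning quoted in the thread.
const reported =
  "https://duckduckgo.com/?t=ffsb&q=Doddy+Gatz+-+Malicious+Mackin'+(Feat.+BAKER)+(Prod.+Genshin)&ia=web";
console.log(checkUrl(reported));
// Constructed contrast case: quotes present, but no parseable tail.
console.log(checkUrl("https://duckduckgo.com/?q=rock+'n'+roll"));
```

The song title is flagged because `(Feat. BAKER) (Prod. Genshin)` reads as one parenthesized member access being called with another, while the constructed `rock 'n' roll` query is not.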
