XSS filter false positive

Bug reports and enhancement requests
Post Reply
Master Bug Buster
Posts: 10013
Joined: Sat Aug 03, 2013 5:45 pm

XSS filter false positive

Post by barbaz » Tue Aug 17, 2021 7:55 pm

NoScript 11.2.12rc1
Firefox 90.0

This link https://tunein.com/radio/Radio-Schizoid ... o-s298310/ triggers the XSS filter, but it contains no attempted XSS, nor anything that even looks like XSS.

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from https://forums.informaction.com to https://tunein.com.

Suspicious data:

(URL) https://tunein.com/radio/Radio-Schizoid---Dub-Techno-s298310/
It even triggers if I just paste that URL in the address bar.
Temporarily off forum staff at my own request
*Always* check the changelogs BEFORE updating that important software!

User avatar
Posts: 7714
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: XSS filter false positive

Post by therube » Wed Aug 18, 2021 3:58 pm

(Confirmed [the popup that is].
I'll also note that the site pops up an [almost] frameless [is that the right word?] window, & that window has no NoScript icon, but NoScript can still be reached from a context-menu [or I suppose ? you could block sites from removing window frames].)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53.10

Post Reply