external filters

[datenkrake]

Hello,

I would like to understand how I can write an external filter.
Is there anything available how to build them? Maybe a tutorial?

Cheers,

[Giorgio Maone]

An external filter is an executable which takes the following arguments:

• original_file_path path to local file where the content to be filtered has already been saved by NoScript
• clean_file_path path to an empty temporary local file created by NoScript, where the filter should write the "clean" version of the content
• originURL URL of the document embedding the content
• contentURL URL of the embedded content

The filter should examine the file which had been written by NoScript in original_file_path and choose whether writing it (either intact or modified) in clean_file_path and exiting with exit code = 0, or aborting the load by exiting with exit code <> 0.

[datenkrake]

Thanks for your quick response. If I get it right, a perl script
could do this job -- which would enable to include privoxy-type
scripts into noscript.
That is pretty cool, since privoxy cannot handle ssl connections,
but noscript does since it sits inside the browser !

[Zloy Strelok]

Hi!

I want to modify xss filter (add some new rules). Which is the best way to do it? Modifying source code or through the external filter?
p.s. which file contains xss fitering regexp?

[Thrawn]

I want to modify xss filter (add some new rules). Which is the best way to do it? Modifying source code or through the external filter?
p.s. which file contains xss fitering regexp?

I don't think that that's the kind of filter that 'external filter' means. External filters are for things like sanitising Flash. Notice that they're associated with a MIME type.

Giorgio keeps control of the code, so if you want to submit patches, you'll need to go through him. If you just want to try things out on your local copy, though, then yes, modify the source code.

[Tom T.]

I want to modify xss filter (add some new rules). Which is the best way to do it? Modifying source code or through the external filter?
p.s. which file contains xss fitering regexp?

NoScript's XSS filter can have exceptions added through the GUI. NS Options > Advanced > XSS.
Add your regexp in the Exceptions box.

But the bigger question is: Why is XSS being triggered? If it's a false positive, both the site and we should know about it. The sensitivity of the checker has been fine-tuned many times based on such user reports.

If it's a genuine XSS, you're putting yourself at great risk to add an exception. Either way, it needs to be resolved.

I have NOTHING in XSS exceptions, and it's hardly ever been an issue -- one or two false positives over the years.

If you're talking about *tightening* the XSS protections, then could you please share your suggestions with the rest of us? This sub-forum is for just that.
NS developer Giorgio Maone will consider it, and either accept the suggestion, or explain why it isn't wise or feasible. Please don't modify NS source code. Thanks.