Page 1 of 1

Regarding the stickies...

Posted: Tue Jan 21, 2014 2:00 pm
by barbaz
I've been constantly referring people who need XSS exceptions help to http://forums.informaction.com/viewtopic.php?f=7&t=17774. I don't know of any better documentation than that for how to make XSS exceptions. Could someone please replace the obsolete stickies in NoScript Support forum with that topic?

Re: Regarding the stickies...

Posted: Tue Jan 21, 2014 10:36 pm
by Thrawn
Well, the first port of call for XSS problems is not to write an exception, but to post the details here, because in many cases Giorgio can improve the filter to work around the problem.

But which sticky were you thinking to update? If you want a new one, only Giorgio can do that.

Re: Regarding the stickies...

Posted: Tue Jan 21, 2014 10:54 pm
by barbaz
I was thinking boot the one about icons gone after upgrading to Fx 4 and instead sticky the mentioned topic. Are you saying that more XSS false positives are bugs in the filter than bad site design?

Re: Regarding the stickies...

Posted: Wed Jan 22, 2014 12:33 am
by Thrawn
barbaz wrote:I was thinking boot the one about icons gone after upgrading to Fx 4 and instead sticky the mentioned topic.

Possibly. Up to Giorgio.

Or perhaps the syntax could be mentioned on noscript.net.

Are you saying that more XSS false positives are bugs in the filter than bad site design?

:D It's a fine line! I wouldn't call them 'bugs', but Giorgio does often add workarounds for bad site design.

There are a few cases where sites actually send requests that are indistinguishable from XSS, and there's nothing to be done. But often Giorgio can do something.