Re: XSS on YouTube
Posted: Tue Sep 24, 2013 10:19 pm
barbaz wrote:@redwolfe_98:redwolfe_98 wrote:after reading the other posts, where people said that they were concerned about allowing XSS, i am leary of using the new built 22.214.171.124..
I think you can turn the exception off by going to about:config and setting noscript.filterXExceptions.yt_comments to false, see http://forums.informaction.com/viewtopic.php?p=48111#p48111
Also, Giorgio has already explained that he protected it from actual XSS, by filtering it to ensure that the exception only applies to requests coming from YouTube.