Page 4 of 4

Re: XSS on YouTube

Posted: Tue Sep 24, 2013 10:19 pm
by Thrawn
barbaz wrote:@redwolfe_98:
redwolfe_98 wrote:after reading the other posts, where people said that they were concerned about allowing XSS, i am leary of using the new built

I think you can turn the exception off by going to about:config and setting noscript.filterXExceptions.yt_comments to false, see

Also, Giorgio has already explained that he protected it from actual XSS, by filtering it to ensure that the exception only applies to requests coming from YouTube.