Page 4 of 4

Re: XSS on YouTube

Posted: Tue Sep 24, 2013 10:19 pm
by Thrawn
barbaz wrote:@redwolfe_98:
redwolfe_98 wrote:after reading the other posts, where people said that they were concerned about allowing XSS, i am leary of using the new built 2.6.8.1..


I think you can turn the exception off by going to about:config and setting noscript.filterXExceptions.yt_comments to false, see http://forums.informaction.com/viewtopic.php?p=48111#p48111

Also, Giorgio has already explained that he protected it from actual XSS, by filtering it to ensure that the exception only applies to requests coming from YouTube.