Page 1 of 1

[Answered] What happened with NoScript json options xssBlockUnscannedPOST and xssScanRequestBody

Posted: Fri Jun 14, 2019 10:54 am
by pal1000
I have a relatively old noscript_data.txt from 10.6.2 release candidates period backed up with these 2 options: xssScanRequestBody is true and xssBlockUnscannedPOST is false.
I also noticed that a fresh copy of Noscript 10.6.3rc7 doesn't create these options in its configuration json anymore and there is no UI element in NoScript Options page that could set them. If I remember well there were UI elements that controlled those options in 10.6.2 release candidates. Could it be those options were related to the workaround for https://bugzil.la/1532530 that was nuked in 10.6.2 stable? If so do they still have some effect if left alone?

Re: Asking about NoScript json options xssBlockUnscannedPOST and xssScanRequestBody

Posted: Fri Jun 14, 2019 1:06 pm
by musonius
pal1000 wrote: Fri Jun 14, 2019 10:54 am Could it be those options were related to the workaround for https://bugzil.la/1532530 that was nuked in 10.6.2 stable? If so do they still have some effect if left alone?
After looking at the commit which removed the workaround, I am quite sure that these options don't have any effect anymore.

Re: Asking about NoScript json options xssBlockUnscannedPOST and xssScanRequestBody

Posted: Fri Jun 14, 2019 3:16 pm
by Giorgio Maone
musonius wrote: Fri Jun 14, 2019 1:06 pm
pal1000 wrote: Fri Jun 14, 2019 10:54 am Could it be those options were related to the workaround for https://bugzil.la/1532530 that was nuked in 10.6.2 stable? If so do they still have some effect if left alone?
After looking at the commit which removed the workaround, I am quite sure that these options don't have any effect anymore.
No, they don't indeed.

Re: Asking about NoScript json options xssBlockUnscannedPOST and xssScanRequestBody

Posted: Fri Jun 14, 2019 7:49 pm
by pal1000
Thanks both for answering. It looks like my guess was right. I marked this question topic as answered.