This MDN search triggers XSS filter

General discussion about the NoScript extension for Firefox
Post Reply
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

This MDN search triggers XSS filter

Post by barbaz »

from MDN's searchplugin, search

Code: Select all

GlobalFetch.fetch()
noscript filters "XSS attempt" and these messages are present in the console

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///en-US/search?q=GlobalFetch.fetch()&w=3&qs=plugin
(function anonymous() {
q=GlobalFetch.fetch() /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

[NoScript XSS] Sanitized suspicious request. Original URL [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%28%29&w=3&qs=plugin] requested from [chrome://navigator/content/navigator.xul]. Sanitized URL: [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%20%20&w=3&qs=plugin#20744240862104457989].

[NoScript InjectionChecker] JavaScript Injection in ///en-US/search?q=GlobalFetch.fetch()&w=3&qs=plugin
(function anonymous() {
q=GlobalFetch.fetch() /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

[NoScript XSS] Sanitized suspicious request. Original URL [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%28%29&w=3&qs=plugin] requested from [chrome://navigator/content/navigator.xul]. Sanitized URL: [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%20%20&w=3&qs=plugin#7349481168947692976].
Just FWIW. Probably nothing to be done here.
*Always* check the changelogs BEFORE updating that important software!
-
Top
Post Reply

Return to “NoScript General”