xss attempt from chrome: blocked?
xss attempt from chrome: blocked?
noscript has started to alert me that a possible xss attempt from [chrome:] has been blocked each time i do a keyword search from the location bar. i have tried to whitelist "^chrome:" in the xss section of the prefs, which had absolutely no effect, even though the pattern test field indicates all chrome: urls are matched by the whitelist. anyone else seeing this? what am i doing wrong?
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: xss attempt from chrome: blocked?
Could you show me the [NoScript XSS] lines you should get in Tools|Error Console when this happens?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: xss attempt from chrome: blocked?
P.S.: the correct way to whitelist an origin for XSS checks is premetting "@" to its scheme, like
or
Your exception was whitelisting chrome://* as a target.
Code: Select all
^@chrome:
Code: Select all
^@https://some.trusted.origin.com/
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)