Don't Say No - XSS Warning?

Ask for help about NoScript, no registration needed to post
therube
Ambassador
Posts: 7971
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Post by therube »

Don't Say No - XSS Warning?

NoScript .903, Win7 x64, FF 115 ESR

Search Engine is set to: https://www.startpage.com/

Search, dr. no
First hit, Dr. No (film) - Wikipedia -> https://en.wikipedia.org/wiki/Dr._No_(film)

By default (in Startpage), I have left-click set to open the link in a new tab.

Clicking (or center-clicking) the Wikipedia page link to https://en.wikipedia.org/wiki/Dr._No_(film)
generates an XSS warning?

Code:

NoScript detected a potential Cross-Site Scripting attack

from https://www.startpage.com to https://en.wikipedia.org.

Suspicious data:

(URL) https://en.wikipedia.org/wiki/Dr._No_(film)


If I paste, 'https://en.wikipedia.org/wiki/Dr._No_(film)' into a new tab & hit return, I get the same (sort of) warning?

Code:

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://en.wikipedia.org.

Suspicious data:

(URL) https://en.wikipedia.org/wiki/Dr._No_(film)

?

(The same does not occur in NoScript 5.1.9 ;-).)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0 SeaMonkey/2.53.22
barbaz
Senior Member
Posts: 11093
Joined: Sat Aug 03, 2013 5:45 pm

Re: Don't Say No - XSS Warning?

Post by barbaz »

Can confirm that URL trips the XSS filter in NoScript 13.0.8.903. Relevant Browser Console messages:

Code:

[NoScript] [InjectionChecker]  
wiki/Dr._No_(film) /**/
DUMMY_EXPR
 has been flagged as dangerous JS (_() log.js:34:15

[NoScript] [InjectionChecker]  JavaScript Injection in ///wiki/Dr._No_(film)
function anonymous(
) {
wiki/Dr._No_(film) /* COMMENT_TERMINATOR */
DUMMY_EXPR
}

Looks like a false positive, should be safe to allow.
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux x86_64; rv:142.0) Gecko/20100101 Firefox/142.0
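
Why this URL can look like script to a syntax-based check, as an added example (not NoScript's code and not written by either poster): the path text `wiki/Dr._No_(film)` is valid JavaScript, a division whose right-hand operand is the method call `Dr._No_(film)`. The function names, the call pattern and every sample path other than the thread's URL are assumptions constructed for illustration; NoScript's real InjectionChecker applies more logic than this.

```javascript
// Added illustration, not NoScript's code: a simplified heuristic that asks
// "does this URL text parse as JavaScript, and does it contain a call?"

// Compile-only check. The Function constructor parses the body and throws
// SyntaxError on invalid source; the resulting function is never invoked.
function parsesAsJs(source) {
  try {
    new Function(source);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Hypothetical pattern: an identifier directly followed by "(".
const CALL_LIKE = /[A-Za-z_$][\w$]*\s*\(/;

function classifyPath(path) {
  const fragment = path.replace(/^\/+/, ""); // drop leading slashes
  const call = fragment.match(CALL_LIKE);
  const parses = parsesAsJs(fragment);
  return {
    fragment,
    parses,
    callLike: call ? call[0] : null,
    // Flag only text that is both valid JS and contains a call expression.
    flagged: parses && call !== null,
  };
}

// Constructed sample paths; only the first one comes from the thread.
const SAMPLE_PATHS = [
  "/wiki/Dr._No_(film)",      // wiki / Dr._No_(film): division by a call
  "/wiki/James_Bond",         // valid JS (a division) but no call
  "/wiki/Dr._No_(1962 film)", // "1962 film" is a syntax error
  "/wiki/Dr._No_%28film%29",  // percent-encoded parentheses do not parse
];

function flaggedPaths(paths) {
  return paths.filter((p) => classifyPath(p).flagged);
}

for (const p of SAMPLE_PATHS) {
  const r = classifyPath(p);
  console.log(`${p} parses=${r.parses} call=${r.callLike} flagged=${r.flagged}`);
}
```

Only the thread's URL is flagged here: it is the one sample that both compiles and contains something shaped like a function call, which is the pattern a benign Wikipedia disambiguation suffix such as `_(film)` happens to share with injected script.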