xss filters

n00b

xss filters

Post by n00b »

Can someone update the XSS filter for Google Translate or provide a working filter for Sherdog?

I would also like to request an option to add the current domain to an XSS whitelist instead of having to manually create the filter.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: xss filters

Post by Tom T. »

I don't get an XSS message using Google Translate. Please provide the steps to reproduce this message. Also please open Firefox Tools > Error Console and copy any red "Error" messages, plus any pertinent blue "information" messages (those relating to NoScript), and post them here.

Automatically whitelisting every site with an XSS message is dangerous and defeats the purpose. It serves both yourself and the whole community better if you would post such messages, as above, so that the developer can examine the sites, determine if the message is legitimate, or if a false positive, *why*. Then everyone, including the affected web sites, will benefit. Thank you.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20
n00b

Re: xss filters

Post by n00b »

Not to whitelist every site, only the sites you know are false positives, like with Google Translate or searching for posts on Sherdog.

Google "bakjwi review"; the 10th link should have the "Translate this page" option in brackets. Click it to reproduce the message,

or any search result that has the option available.

error console:

Warning: Selector expected. Ruleset ignored due to bad selector.
Source File: http://translate.google.com/translate_n ... 3Den&twu=1
Line: 8

Warning: Unexpected end of file while searching for closing } of invalid rule set.
Source File: http://translate.google.com/translate_n ... 3Den&twu=1
Line: 8
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: xss filters

Post by Tom T. »

n00b wrote: Not to whitelist every site, only the sites you know are false positives, like with Google Translate or searching for posts on Sherdog.
I was able to search for "Anderson Silva" on sherdog forum without any XSS message. I clicked one link and got to that thread with still no problems.
There are "cascading scripts", i.e., when you allow some, new ones will try to load.
Please go to sherdog forum, search "Anderson Silva", as I did.
Please list all scripts and all objects allowed.
Also please point to "blocked objects" in NoScript menu, and list the objects you have allowed and those that are still blocked.
n00b wrote: Google "bakjwi review"; the 10th link should have the "Translate this page" option in brackets. Click it to reproduce the message
I don't get any such links with "translate" in them. Probably because my computer is localized for en-US, and the page is in en-US, as are all the links.

Is it possible that your computer is set for Korean in some aspects, and when you go to the English-language Google, this produces the "translate" links?

Can you copy the entire URL, or post a screenshot of such a link, that has this message?
n00b wrote: error console:

Warning: Selector expected. Ruleset ignored due to bad selector.
Source File: http://translate.google.com/translate_n ... 3Den&twu=1
Line: 8

Warning: Unexpected end of file while searching for closing } of invalid rule set.
Source File: http://translate.google.com/translate_n ... 3Den&twu=1
Line: 8
These are not "Error" messages, only "Warnings", which are frequent and usually of no consequence. The "Error" messages would be in RED, not yellow.

You should also get an XSS-change in the NoScript logo, and a message of "Page xxx.yyy attempted an Unsafe...." etc.
Clicking XSS logo prompts dialog box: "UNSAFELY reload ..... ?" etc.

Please help us to reproduce the XSS warning, so that the issue can be diagnosed. So far, I am not able to reproduce any of these. However, I do suspect that linking to a translation page is probably a factor. Thank you for your patience.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20