[Resolved] [XSS] Add exception for 127.0.0.1? (JDownloader)

[Tom.de]

Hello,
I use JDownloader with it's built in functionality click-n-load , see http://jdownloader.org/knowledge/wiki/glossary/cnl2 for working examples and declaration.

So when I try to use CNL on a side, I get the following error message in the log (this example is from the jdownloader site):

Code: Select all

[NoScript XSS] Ein verdächtiger Upload zu [http://127.0.0.1:9666/flash/addcrypted2###DATA###function+f%28%29%7B+return+%2731323334353637383930393837363534%27%3B%7D] von [http://jdownloader.org/knowledge/wiki/glossary/cnl2] wurde bereinigt und in eine GET-Anfrage (nur Download) umgewandelt.

and a pop-up bar with the option for an unsecure reload:

If I choose OK here, everything works as expected.

However often the pop-up bar doesn't pop-up or is gone before I can click on it (dunno why), so I have to try twice or thrice. Also this way involves a lot of clicking.

Sooo, I want add an exception for JDownloader / 127.0.0.1, hence my question how and what would be the best way to do so? And is this rather safe? I guess so because most XSS wouldn't redirect to 127.0.0.1 or?

Thanks
Tom

[Tom.de]

Hello?
Issue is still open, any help is appreciated...

[Giorgio Maone]

You need two exceptions here, one for the XSS filter and the other for ABE

1.
Add the following line to your NoScript Options|Advanced|XSS exceptions box:

Code: Select all

^http://127\.0\.0\.1:9666/flash/addcrypted2$

2.
Insert the following ruleset in the beginning of your NoScript Options|Advanced|ABE SYSTEM ruleset:

Code: Select all

Site http://127.0.0.1:9666/flash/addcrypted
Accept POST

[Tom.de]

Thanks Giorgio, works like a charm!