I keep getting XSS filtering on pages like the Wall Street Journal. Except for unsafe reload, there doesn't seem to be a way to correct this, is there a straight-forward way to assume xss is safe?
Dave
XSS filter, how to whilelist a site?
XSS filter, how to whilelist a site?
Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Re: XSS filter, how to whilelist a site?
Are you confident that this page is actually immune to XSS attacks? I know you're seeing false positives, but are you sure that the page would correctly sanitise a real attack? After all, if their regular traffic looks like XSS, then there may be some sloppy coding happening...
If you've checked and you're confident, then it's in the FAQ: http://noscript.net/faq#qa4_4
If you've checked and you're confident, then it's in the FAQ: http://noscript.net/faq#qa4_4
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (Android; Mobile; rv:15.0) Gecko/15.0 Firefox/15.0a1
-
GµårÐïåñ
- Lieutenant Colonel
- Posts: 3369
- Joined: Fri Mar 20, 2009 5:19 am
- Location: PST - USA
- Contact:
Re: XSS filter, how to whilelist a site?
Depends on how much you know about programming and/or how savvy you are. You can go to NoScript Options|Advanced Tab|XSS Tab and either:
1) disable it (not recommended)
2) add an exception to the area that has a few others already
3) or go to about:config|noscript.xss.checkInclusions.exceptions and put it there
You have tons of options, just make sure you know what you are doing and if in doubt, verify before using it. Sending us the exact XSS message from your Error Console will help in the crafting of the exception.
1) disable it (not recommended)
2) add an exception to the area that has a few others already
3) or go to about:config|noscript.xss.checkInclusions.exceptions and put it there
You have tons of options, just make sure you know what you are doing and if in doubt, verify before using it. Sending us the exact XSS message from your Error Console will help in the crafting of the exception.
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
________________ .: [ Major Mike's ] :. ________________
world is a vampire and browsers are zombies and users are the virus