XSS or Not?

Post by therube »

XSS or Not?

http://imgs.xkcd.com/clickdrag

Generates an XSS warning

[ABE] <LOCAL> Deny on {GET http://origin.imgs.xkcd.com/clickdrag/ <<< http://imgs.xkcd.com/clickdrag, chrome://navigator/content/navigator.xul - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

Or not?

http://imgs.xkcd.com/clickdrag/
(with the closing slash)

Returns a 404
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:17.0) Gecko/17.0 Firefox/17.0 SeaMonkey/2.14a2
Re: XSS or Not?

Post by Thrawn »

therube wrote: Generates an XSS warning

Actually, that's an ABE warning.

And it doesn't happen for me, but I get a timeout.

therube wrote: Or not?

http://imgs.xkcd.com/clickdrag/
(with the closing slash)

Returns a 404

Probably because there isn't a resource with that exact address? It's a directory.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1
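
Added example, not part of the thread and not NoScript's own code: a parser for the console line quoted in the first post, plus the quoted SYSTEM rule applied to resolved addresses, which shows why the message is an ABE decision rather than an XSS filter hit. The field names, the reading of LOCAL as loopback/private/link-local, and the IP addresses are assumptions constructed for illustration; the thread does not say what either host resolved to.

```python
import ipaddress
import re

# The console line from the first post, copied verbatim.
SAMPLE_LINE = ("[ABE] <LOCAL> Deny on {GET http://origin.imgs.xkcd.com/clickdrag/ "
               "<<< http://imgs.xkcd.com/clickdrag, "
               "chrome://navigator/content/navigator.xul - 6}")

# Assumed shape: [ABE] <RULESET> ACTION on {METHOD destination <<< origins - N}
# The trailing number is captured by the pattern but not interpreted here.
ABE_LINE = re.compile(
    r"^\[ABE\] <(?P<ruleset>[^>]+)> (?P<action>\w+) on "
    r"\{(?P<method>[A-Z]+) (?P<dest>\S+) <<< (?P<origins>.*?) - \d+\}$"
)

def parse_abe_line(line):
    """Split an ABE console line into fields; return None for any other line."""
    m = ABE_LINE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["origins"] = [o.strip() for o in fields["origins"].split(",")]
    return fields

def is_local(address):
    """Assumption: LOCAL covers loopback, private and link-local addresses."""
    ip = ipaddress.ip_address(address)
    return ip.is_loopback or ip.is_private or ip.is_link_local

def system_rule(dest_ip, origin_ip):
    """Site LOCAL / Accept from LOCAL / Deny, applied to resolved addresses."""
    if not is_local(dest_ip):
        return "not applicable"  # the rule only covers LOCAL destinations
    return "Accept" if is_local(origin_ip) else "Deny"

if __name__ == "__main__":
    print(parse_abe_line(SAMPLE_LINE))
    # Constructed addresses: a LAN destination reached from a public origin.
    print(system_rule("192.168.0.10", "8.8.8.8"))
```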