I am trying to execute an ebay saved search. The search is "gizmo (s1,s2) (s3,s4,s5,s6)". Noscript is identifying this a as a potential XSS problem, "sanitizing" the search criteria by removing the parentheses, and that causes the search to return undesired results. Note that the search criteria is only to illustrate the problem, and is not something that I am actually interested in.
I tried entering the suggested FAQ fix which was to add an entry in the Anti-XSS Protection Exceptions, but it does not fix the problem. Any helpful suggestions are welcome.
I tried posting the Error Console output here but could not. There was a message saying a spam filter did not like it.
[RESOLVED] XSS problem. FAQ suggestion doesn't help
[RESOLVED] XSS problem. FAQ suggestion doesn't help
Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20100101 Firefox/16.0
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: XSS problem. FAQ suggestion doesn't help
(resolved after email exchange, by adding the following XSS exceptions line:
)
[Edited to add the missing "?"]
Code: Select all
^@https?://my\.ebay\.com/ws/eBayISAPI\.dll\?
[Edited to add the missing "?"]
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0
Re: [RESOLVED] XSS problem. FAQ suggestion doesn't help
Actually what worked for me was
^@http://my\.ebay\.com/ws/eBayISAPI\.dll\?
Note I changed https to http.
Respecfully....
^@http://my\.ebay\.com/ws/eBayISAPI\.dll\?
Note I changed https to http.
Respecfully....
Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20100101 Firefox/16.0
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: [RESOLVED] XSS problem. FAQ suggestion doesn't help
Sorry, I did it again. I forgot a "?", just edited the post above to correct it, thanks.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:16.0) Gecko/20100101 Firefox/16.0