A subdomain becomes compulsory due to the presence of [a-z0-9]+\.
The end \.com.+$ allows too much. It will also allow an URL like [url=http://www.dropbox.com.foobar..phishing.domain.example.com/]http://www.dropbox.com.foobar..phishing.domain.example.com/[/url] (such phishing sites exist, have a look around Phishtank).
This should work: ^https?://([a-z0-9]+\.)?dropbox\.com/.*
Actually, that rule will only allow a single subdomain, eg foo.dropbox.com. The question mark (after the brackets) should be an asterisk, to allow foo.bar.baz.dropbox.com.
Are you sure that you want to allow http (unencrypted) connections? I would drop the question mark after https.
You should also check whether Dropbox subdomains use other characters like hyphens, underscores, etc.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:20.0) Gecko/20100101 Firefox/20.0
Thrawn wrote:Actually, that rule will only allow a single subdomain, eg foo.dropbox.com. The question mark (after the brackets) should be an asterisk, to allow foo.bar.baz.dropbox.com.
Good point, edited previous post to reflect this.
Mozilla/5.0 (Windows NT 6.1; rv:12.0) Gecko/20120403211507 Firefox/12.0
I updated the filter and dropbox webinterface works now.
Not sure what the true cause was that NoScript's Anti-XSS prevented me from working with dropbox.
As I read through the NoScript's changelog, I notice a lot of changes applied on the Anti-XSS component.
However it could be also an issue at dropbox's side which is fixed now.
Nevertheless, I prefer some usability and some security in a well balance, so I'll keep dropbox whitelisted.
Cloud storage was never meant to store sensitive data since there is a conflicting (privacy) laws of various countries (oh hello Patriot Act).
So in case when my dropbox account is hacked, so be it.
Mozilla/5.0 (Windows NT 6.1; rv:20.0) Gecko/20100101 Firefox/20.0
