Noscript blocking blogger to upload images

[darizotas]

I realised that NoScript 2.8.9 blocks Blogger from uploading images. It detects a possible XSS. Error shown:
Original URL:
[https://docs.google.com/e/picker?protoc ... =[i]NUMBER[/i]&thumbs=1600&pp=ETC, ETC]

I've modified the Anti-XSS protection exceptions so:
[old]

Code: Select all

^https?://([a-z]+)\.google\.(?:[a-z]{1,3}\.)?[a-z]+/(?:search|custom|\1)\?

[new]

Code: Select all

^https?://([a-z]+)\.google\.(?:[a-z]{1,3}\.)?[a-z]+/(?:search|custom|e/picker|\1)\?

I am wondering if the new regexp could be too relaxed. If not, I hope it helps,
Darizotas

[therube]

There were some XSS related changes in the development build.
Does that help any?

[Darizotas]

First of all sorry, NoScript version is 2.6.6.8.
I tried the development build, but the behaviour is the same. It blocks the script.

[Giorgio Maone]

I'm gonna check this as soon as I'm back from my current journey.
If I don't update this thread in a week from now, please bump, thanks.

[Darizotas]

Hi Giorgi,

I think you already fixed this: "false positive on GMail when opening the Google Docs file picker (thanks Harry for reporting)". However I don't know whether the change is the same that I proposed.

Thanks,
Darío.

[Thrawn]

Well, if Giorgio fixed it by fixing a bug in the filter, then that is better than adding an exception to the filter .

Do your uploads work OK now?

[Darizotas]

Hi again,

I know this has become a late answer, but I'm afraid that the issue still persists on 2.6.8.5 (and later). I had to configure the filter again, because NoScript stopped a suspicious XSS from Blogger. Could you please double-check that?

Thanks,
Darío.