Regarding the stickies...
Regarding the stickies...
I've been constantly referring people who need XSS exceptions help to http://forums.informaction.com/viewtopi ... =7&t=17774. I don't know of any better documentation than that for how to make XSS exceptions. Could someone please replace the obsolete stickies in NoScript Support forum with that topic?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:26.0) Gecko/20100101 Firefox/26.0 SeaMonkey/2.23
Re: Regarding the stickies...
Well, the first port of call for XSS problems is not to write an exception, but to post the details here, because in many cases Giorgio can improve the filter to work around the problem.
But which sticky were you thinking to update? If you want a new one, only Giorgio can do that.
But which sticky were you thinking to update? If you want a new one, only Giorgio can do that.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0
Re: Regarding the stickies...
I was thinking boot the one about icons gone after upgrading to Fx 4 and instead sticky the mentioned topic. Are you saying that more XSS false positives are bugs in the filter than bad site design?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux i686; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a1
Re: Regarding the stickies...
Possibly. Up to Giorgio.barbaz wrote:I was thinking boot the one about icons gone after upgrading to Fx 4 and instead sticky the mentioned topic.
Or perhaps the syntax could be mentioned on noscript.net.
It's a fine line! I wouldn't call them 'bugs', but Giorgio does often add workarounds for bad site design.Are you saying that more XSS false positives are bugs in the filter than bad site design?
There are a few cases where sites actually send requests that are indistinguishable from XSS, and there's nothing to be done. But often Giorgio can do something.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:26.0) Gecko/20100101 Firefox/26.0