When I go to the option Advanced / XSS there is an Anti-XSS Protection Exception that is entered.
^(http|https)://[a-z0-9\-]+\.stumbleupon\.com/
I can erase this and the screen goes yellow. No problem.
Then, after I use my computer for awhile, I come back to this option and it has been re-entered.
This sounds like something Stumbleupon is doing but I don't know how to stop it.
I am running FF 3.5 but I noticed this happening before I migrated to 3.5.
Stumbleupon and XSS
Stumbleupon and XSS
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Re: Stumbleupon and XSS
Sure enough, StumbleUpon is doing it.
(Also looks to be using an older, tldEmulation.js.)
stumbleuponOverlay.js:
(Also looks to be using an older, tldEmulation.js.)
stumbleuponOverlay.js:
Code: Select all
function su_update_noscript_whitelists()
{
if (! su_ds.isPrefDefined("noscript.filterXExceptions"))
return;
var str = su_ds.getValue("noscript.filterXExceptions");
var exceptions = str.split("\n");
var filter_str = "^(http|https)://[a-z0-9\\-]+\\.stumbleupon\\.com/";
var i;
var found = false;
for (i = 0; i < exceptions.length; i++)
{
if (exceptions[i] == filter_str)
{
found = true;
break;
}
}
if (! found)
{
exceptions.push(filter_str);
str = exceptions.join("\n");
su_ds.setValue("noscript.filterXExceptions", str);
}
if ((typeof noscriptUtil) != "object")
return;
if (noscriptUtil.service &&
noscriptUtil.service.jsPolicySites &&
((typeof noscriptUtil.service.jsPolicySites.add) == "function"))
{
noscriptUtil.service.jsPolicySites.add("stumbleupon.com");
}
su_ds.flushPrefs();
}
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22) Gecko/20090605 SeaMonkey/1.1.17
Re: Stumbleupon and XSS
What must I do to stop it?
Thanks.
Thanks.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5
Re: Stumbleupon and XSS
I went into the JS file and changed the wording around and rearchived it.
It still generates a line but it is now meaningless.
It still generates a line but it is now meaningless.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5