Flickr and XSS

nobill
Posts: 1
Joined: Thu Jul 02, 2009 5:59 pm

Flickr and XSS

Post by nobill »

When I try to log in to Flickr using my Yahoo username and password in Firefox with NoScript enabled, I get

[NoScript XSS] Sanitized suspicious request. Original URL [http://www.flickr.com/signin/yahoo/?.da ... DOM_STRING] requested from [https://login.yahoo.com/config/validate ... 2Fyahoo%2F]. Sanitized URL: [http://www.flickr.com/signin/yahoo/?.da ... DOM_STRING

where I've substituted RANDOM_STRING and RANDOM_NUMBER in the above text where long random strings or numbers existed (to make this post shorter and because I'm paranoid and don't want to expose anything from my login attempt that I don't have to).

The above XSS sanitizing that NoScript does causes the login for Flickr to fail. I'm able to log in using a different browser that isn't running NoScript (gasp!) just fine, so I'm pretty sure this is an issue with NoScript.

Questions:
1) Do I need to worry about this or can I just make NoScript ignore this?
2) Is there a way to whitelist this XSS issue so that I don't have to jump through any hoops in the future?

Thanks!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
dhouwn
Bug Buster
Posts: 968
Joined: Thu Mar 19, 2009 12:51 pm

Re: Flickr and XSS

Post by dhouwn »

nobill wrote: 2) Is there a way to whitelist this XSS issue so that I don't have to jump through any hoops in the future?
Under "Options" → "Advanced" → "XSS" in the box "Anti-XSS Protection Exceptions"
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1) Gecko/20090630 Firefox/3.5
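
Added example, not part of the thread and not NoScript's own code: a way to vet a candidate entry for the "Anti-XSS Protection Exceptions" box before using it, so the exception covers only the Flickr sign-in redirect. It assumes each exception is a JavaScript regular expression tested against the destination URL; the two patterns, the sample URLs and the function names are constructed for illustration.

```javascript
// Added example: vet a candidate Anti-XSS exception before pasting it into NoScript.
// Assumption: each exception is a JavaScript regular expression tested against
// the destination URL of the request.

// Hypothetical candidates, written for this example.
const TIGHT = String.raw`^https?://www\.flickr\.com/signin/yahoo/\?`;
const LOOSE = String.raw`https?://.*flickr.com/`;

// Constructed destination URLs; query values are placeholders, not real tokens.
const SAMPLES = [
  "http://www.flickr.com/signin/yahoo/?token=PLACEHOLDER",
  "http://www.flickr.com/photos/?q=PLACEHOLDER",
  "http://notflickr.com/?x=PLACEHOLDER",
  "http://www.flickr.com.other.example/signin/yahoo/?token=PLACEHOLDER",
];

// URLs that would lose XSS filtering under this exception.
function exemptedUrls(pattern, urls) {
  const re = new RegExp(pattern);
  return urls.filter((u) => re.test(u));
}

// Static checks for the usual ways an exception ends up too broad.
function lintException(pattern) {
  const warnings = [];
  if (!pattern.startsWith("^")) warnings.push("unanchored");
  const m = /:\/\/(.*?)(?:\/|$)/.exec(pattern); // host part of the pattern
  const host = m ? m[1] : "";
  if (/(^|[^\\])\./.test(host)) warnings.push("unescaped-dot-in-host");
  if (/\.[*+]/.test(pattern)) warnings.push("wildcard");
  return warnings;
}

// Print the lint warnings and the exempted URLs for each candidate.
for (const p of [TIGHT, LOOSE]) {
  console.log(p, lintException(p), exemptedUrls(p, SAMPLES));
}
```

The anchored pattern exempts only the sign-in path on www.flickr.com, while the loose one also switches off XSS filtering for other Flickr pages and for an unrelated host whose name merely ends in "flickr.com".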