winbank XSS exception

Ask for help about NoScript, no registration needed to post
Post Reply
gvp
Posts: 10
Joined: Tue Dec 23, 2014 8:43 pm

winbank XSS exception

Post by gvp »

I get he following error in my console

Code: Select all

[NoScript XSS] Sanitized suspicious upload to [https://ebanking.winbank.gr/Login.aspx###DATA###something_here.+something_here] from [https://www.winbank.gr/el/Pages/Home.aspx]: transformed into a download-only GET request.
Which exception is safer

^https?://([a-z]+)\.winbank\.(?:[a-z]{1,3}\.)?[a-z]
or
^@https://[a-z]+\.winbank\.gr/

both of them work ...
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Top
User avatar
Giorgio Maone
Site Admin
Posts: 9546
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:
Contact Giorgio Maone

Re: winbank XSS exception

Post by Giorgio Maone »

gvp wrote: ^@https://[a-z]+\.winbank\.gr/
This one, which authorizes https://*.winbank.gr to bypass the filter when loading another resource.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Top
gvp
Posts: 10
Joined: Tue Dec 23, 2014 8:43 pm

Re: winbank XSS exception

Post by gvp »

thank you ...
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Top
Post Reply

Return to “NoScript Support”