Firefox 60.1.0esr on Debian GNU/Linux x86_64 (Mozilla binary tarball, not from distro repo) in a new clean profile, NoScript 10.1.8.17rc2 default configuration.
Same result for Firefox 61.0.2 release and Firefox 52.9.0esr/NoScript Classic 5.1.8.7rc3.
With Firefox 52.9 I didn't bother to test with a new clean profile...
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
It is. It is syntactically valid JavaScript, but just by chance.
Anyway, whitelisting cross-site requests from wikimedia.org to wikipedia.org should be fairly safe.
Giorgio Maone wrote:It is. It is syntactically valid JavaScript, but just by chance.
Anyway, whitelisting cross-site requests from wikimedia.org to wikipedia.org should be fairly safe.
Thanks Giorgio. I added an XSS exception and it works.
I noticed that NoScript Classic already has a default XSS exception for Wikimedia -