I accept your words as I can look but I cann't see; I simply do not know the subject.Thrawn wrote:Eww, they're polluting window.name! Look at the second line of the console output.
I didn't mention XSS filter was on, as I thought exceptions had a meaning only if XSS filter was on.This is *not* a safe practice. If you can leave the XSS filter on, then please do.
I guess you state what you explain later.barbaz wrote:*If* an XSS exception is the way to go.
Yes, it works. I have changed the expression to this. Thank you too.Does this exception work?Code: Select all
^@https://[a-z]+\.eurobank\.gr/
What I meant was, don't write an exception if you can help it. Keep filtering these requests, because they're dangerous.maxer wrote:I didn't mention XSS filter was on, as I thought exceptions had a meaning only if XSS filter was on.This is *not* a safe practice. If you can leave the XSS filter on, then please do.
I wish I knew what you mean by "breaks". What my experience is that when XSS filter is on, with no exception, there is a 15sec delay, where firefox window "freezes" (no response at all). After that the prompt save/open window comes out. The story is repeated for every new or same refreshed page in eurobank.grThrawn wrote: If the site breaks when the XSS filter is triggered, then I recommend using a separate profile for your banking, so that your bank can't be attacked by other sites in the same window..
It means "not working in a way that makes it unusable" - including, for example, what you experience on eurobank with the XSS filter left alone.maxer wrote:I wish I knew what you mean by "breaks".
