InformAction Forums

Posted: **Thu Sep 27, 2012 6:09 pm**

XSS or Not?

http://imgs.xkcd.com/clickdrag

Generates an XSS warning

[ABE] <LOCAL> Deny on {GET http://origin.imgs.xkcd.com/clickdrag/ <<< http://imgs.xkcd.com/clickdrag, chrome://navigator/content/navigator.xul - 6}
SYSTEM rule:
Site LOCAL
Accept from LOCAL
Deny

Or not?

http://imgs.xkcd.com/clickdrag/
(with the closing slash)

Returns a 404

Posted: **Fri Sep 28, 2012 12:20 am**

therube wrote: Generates an XSS warning

Actually, that's an ABE warning.

And it doesn't happen for me, but I get a timeout.

therube wrote: Or not?

http://imgs.xkcd.com/clickdrag/
(with the closing slash)

Returns a 404

Probably because there isn't a resource with that exact address? It's a directory.

InformAction Forums

XSS or Not?

XSS or Not?

Re: XSS or Not?