Allow XSS only for peeep.us in order for bookmarklet to work

[libastral]

How to whitelist only peeep.us? Their bookmarklet doesn't work when XSS protection is enabled.

[Thrawn]

Options-Advanced-XSS

You'll need to know regular expressions. If you don't, then you can post a sample error here from the Error Console (Ctrl+Shift+J, or Firefox Tools > Web Developer > Error Console) to get help.

[libastral]

Well, yeah I know nothing about these expressions. This is the console log: http://paste2.org/p/2475125
If someone can provide the expression I would be grateful.

[therube]

What sites are generating the XSS warnings?

Original: http://www.gena01.com/

peeep, not allowed, nor is gena01: http://www.peeep.us/7471bc7a
peeep, not allowed, but gena01 is: http://www.peeep.us/bdcfe429


Ah, its only when you have allowed peeep.com that the XSS is generated.

Code: Select all

[NoScript XSS] Sanitized suspicious upload to [http://www.peeep.us/upload.php] from [http://www.gena01.com/]: transformed into a download-only GET request.

[therube]

peeep allowed, gena01 allowed, & an XSS Exception: http://www.peeep.us/92c6fa2e

XSS Exception:

Code: Select all

^http://www.peeep.us/upload.php

(don't hold me to this, i'm not good with them & don't really know if this is not specific or not, but looks to work)

[libastral]

peeep allowed, gena01 allowed, & an XSS Exception: http://www.peeep.us/92c6fa2e

XSS Exception:

Code: Select all

^http://www.peeep.us/upload.php

(don't hold me to this, i'm not good with them & don't really know if this is not specific or not, but looks to work)

Thanks a lot, it worked!

[Thrawn]

Try escaping the dots:

Code: Select all

^https?://www\.peeep\.us/upload\.php

Otherwise it would also match eg www-peeep.us/upload.php. No big deal, but the tighter the better.

Is there a legitimate reason for this bookmarklet to send requests that look like HTML/JavaScript? If not, then you might want to contact peeep.us and ask why.