Allow XSS only for peeep.us in order for bookmarklet to work

Posted: Tue Nov 13, 2012 4:05 am
by libastral
How to whitelist only peeep.us? Their bookmarklet doesn't work when XSS protection is enabled.

Re: Allow XSS only for peeep.us in order for bookmarklet to

Posted: Tue Nov 13, 2012 6:15 am
by Thrawn
Options-Advanced-XSS

You'll need to know regular expressions. If you don't, then you can post a sample error here from the Error Console (Ctrl+Shift+J, or Firefox Tools > Web Developer > Error Console) to get help.

Re: Allow XSS only for peeep.us in order for bookmarklet to

Posted: Wed Nov 14, 2012 1:11 am
by libastral
Well, yeah I know nothing about these expressions. This is the console log: http://paste2.org/p/2475125
If someone can provide the expression I would be grateful.

Re: Allow XSS only for peeep.us in order for bookmarklet to

Posted: Wed Nov 14, 2012 3:25 pm
by therube
What sites are generating the XSS warnings?

Original: http://www.gena01.com/

peeep, not allowed, nor is gena01: http://www.peeep.us/7471bc7a
peeep, not allowed, but gena01 is: http://www.peeep.us/bdcfe429


Ah, it's only when you have allowed peeep.com that the XSS is generated.

Code:

[NoScript XSS] Sanitized suspicious upload to [http://www.peeep.us/upload.php] from [http://www.gena01.com/]: transformed into a download-only GET request.

Re: Allow XSS only for peeep.us in order for bookmarklet to

Posted: Wed Nov 14, 2012 3:40 pm
by therube
peeep allowed, gena01 allowed, & an XSS Exception: http://www.peeep.us/92c6fa2e

XSS Exception:

Code:

^http://www.peeep.us/upload.php

(don't hold me to this, I'm not good with them & don't really know if this is not specific or not, but looks to work)

Re: Allow XSS only for peeep.us in order for bookmarklet to

Posted: Wed Nov 14, 2012 7:02 pm
by libastral
therube wrote: peeep allowed, gena01 allowed, & an XSS Exception: http://www.peeep.us/92c6fa2e

XSS Exception:

Code:

^http://www.peeep.us/upload.php

(don't hold me to this, I'm not good with them & don't really know if this is not specific or not, but looks to work)

Thanks a lot, it worked!

Re: Allow XSS only for peeep.us in order for bookmarklet to

Posted: Wed Nov 14, 2012 9:14 pm
by Thrawn
Try escaping the dots:

Code:

^https?://www\.peeep\.us/upload\.php

Otherwise it would also match e.g. www-peeep.us/upload.php. No big deal, but the tighter the better.

Is there a legitimate reason for this bookmarklet to send requests that look like HTML/JavaScript? If not, then you might want to contact peeep.us and ask why.
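
The difference between the two exception patterns posted above, as an added example that is not part of the original thread: it runs both regexes over a few constructed destination URLs and lists what each one over-matches or misses. It assumes an exception is applied as a JavaScript regular expression to the request's destination URL; `auditException`, `report` and the sample URLs are made up for the illustration.

```javascript
// Added example: audit an XSS-exception regex against constructed URLs.
// Assumption: the exception is tested as a JavaScript RegExp against the
// destination URL of the request.

const LOOSE = "^http://www.peeep.us/upload.php";          // first pattern in the thread
const TIGHT = "^https?://www\\.peeep\\.us/upload\\.php";  // escaped pattern in the thread

// Constructed sample destinations. `intended` marks the endpoint the
// exception is meant to cover (over http or https).
const SAMPLES = [
  { url: "http://www.peeep.us/upload.php",         intended: true  },
  { url: "https://www.peeep.us/upload.php",        intended: true  },
  { url: "http://www-peeep.us/upload.php",         intended: false }, // different host
  { url: "http://www.peeep.us/uploadXphp",         intended: false }, // different path
  { url: "http://www.peeep.us.example/upload.php", intended: false }, // host suffix
];

// Returns the URLs the pattern wrongly exempts and the intended ones it misses.
function auditException(source, samples) {
  const re = new RegExp(source);
  const overMatched = [];
  const missed = [];
  for (const { url, intended } of samples) {
    const hit = re.test(url);
    if (hit && !intended) overMatched.push(url);
    if (!hit && intended) missed.push(url);
  }
  return { overMatched, missed };
}

function report() {
  return {
    loose: auditException(LOOSE, SAMPLES),
    tight: auditException(TIGHT, SAMPLES),
  };
}

console.log(JSON.stringify(report(), null, 2));
```

Neither pattern matches the `www.peeep.us.example` host, because the literal `/` right after `us` pins where the host name ends.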