XSS false positive: The Simple Dollar and Feedburner

Posted: Mon May 06, 2013 1:10 am
by Thrawn
Subscribing to email updates from The Simple Dollar blog lands at feedburner.google.com with an XSS warning:

[NoScript XSS] Sanitized suspicious upload to [http://feedburner.google.com/fb/a/emailverify] from [http://www.thesimpledollar.com/]: transformed into a download-only GET request.

Unsafe Reload is needed for the subscription to work (otherwise you get a spurious error claiming that email subscriptions are not enabled for the feed).

Is that just because I haven't whitelisted The Simple Dollar? If so, then it's not really an XSS error...