What exclusion string do I need to make this not be flagged as an XSS issue:
[NoScript XSS] Sanitized suspicious request referer. URL [https://plusone.google.com/_/+1/fastbut ... 6rd%3Dtrue (REF: http://msdn.microsoft.com/query/dev10.q ... .PORTAL.F1);k(SQL11.PORTAL.DEVREF.F1);k(SQL11.PORTAL.INSTALLATION.F1)&rd=true)] requested from [http://msdn.microsoft.com/query/dev10.q ... 1)&rd=true]. Sanitized Referrer: [http://msdn.microsoft.com/query/dev10.q ... 20&rd=true].
Thanks!
- Mark
XSS exclusion for msdn.microsoft.com to plusone.google.com
m60freeman
- Posts: 4
- Joined: Fri Oct 29, 2010 8:39 pm
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Re: XSS exclusion for msdn.microsoft.com to plusone.google.c
That's a nasty query string you have there 
I'm not sure of the details of the XSS filter, but it's possible that Giorgio will find a way to improve it so that the exception is not needed.
If you're confident that Google +1 is not actually vulnerable to an XSS attack, then you could try something like:
^https://plusone\.google\.com/.*
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:23.0) Gecko/20100101 Firefox/23.0
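Added example (not part of the thread, and not NoScript's own code): a small script for checking how much an XSS exception like the one suggested above actually exempts before adding it. It assumes each exception is a JavaScript regular expression tested against the destination URL; the `loose` and `narrower` patterns and all sample URLs are constructed for illustration.

```javascript
// Audit which destination URLs an XSS-exception regex would exempt from filtering.
// Assumption: an exception is a JavaScript regex tested against the destination URL.

// Pattern suggested in the reply above: anchored, dots escaped.
const suggested = String.raw`^https://plusone\.google\.com/.*`;
// Hypothetical careless variant: no anchor, unescaped dots.
const loose = String.raw`https://plusone.google.com/.*`;
// Hypothetical tighter variant: only the /_/+1/ path prefix seen in the log line.
const narrower = String.raw`^https://plusone\.google\.com/_/\+1/`;

// Constructed sample destinations (not taken from real traffic).
const samples = [
  "https://plusone.google.com/_/+1/sample?url=http%3A%2F%2Fmsdn.microsoft.com%2F",
  "https://plusone.google.com/other/page",
  "http://plusone.google.com/_/+1/sample",
  "https://plusone.google.com.attacker.example/_/+1/sample",
  "https://plusoneXgoogle.com/_/+1/sample",
  "https://attacker.example/?next=https://plusone.google.com/_/+1/sample",
];

// Return the URLs that the given exception pattern would leave unfiltered.
function exemptedBy(pattern, urls) {
  const re = new RegExp(pattern);
  return urls.filter((u) => re.test(u));
}

// Build a report: pattern name -> list of exempted URLs.
function auditExceptions(patterns, urls) {
  const report = {};
  for (const [name, pattern] of Object.entries(patterns)) {
    report[name] = exemptedBy(pattern, urls);
  }
  return report;
}

const report = auditExceptions({ suggested, loose, narrower }, samples);
for (const [name, hits] of Object.entries(report)) {
  console.log(`${name}: exempts ${hits.length} of ${samples.length}`);
  hits.forEach((u) => console.log(`  ${u}`));
}
```

The anchored, escaped pattern exempts only HTTPS URLs on the exact host; the loose variant also exempts a look-alike host and any URL that merely contains the string, and the narrower one limits the exemption to the single path prefix that triggered the warning.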