false alarms
Posted: Thu Jul 09, 2009 8:57 am
I noticed that NoScript gives a suspicious request notice when a form of a site is accessed from the spider's cache:
[NoScript XSS] Sanitized suspicious request referer. URL [http://www.example.com/test.htm (REF: http://209.85.229.132/search?q=cache:zn ... k&ie=UTF-8)] requested from [http://209.85.229.132/search?q=cache:zn ... k&ie=UTF-8]. Sanitized Referrer: [http://209.85.229.132/search?q=cache%20 ... k&ie=UTF-8].
[NoScript XSS] Sanitized suspicious upload to [http://www.example.com/test.htm] from [http://209.85.229.132/search?q=cache:zn ... k&ie=UTF-8]: transformed into a download-only GET request.
The real URL has been replaced with example.com and the script with test.htm. The notice is against the spider's cache. And there is nothing malicious on the site either.
Also, just because I block the UA on my FF doesn't mean I am a bot.