InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

RFE: Make 'cross-site JavaScript' message less confusing

https://forums.informaction.com/viewtopic.php?t=19648

Page 1 of 1

RFE: Make 'cross-site JavaScript' message less confusing

Posted: Wed May 07, 2014 11:00 pm
by Thrawn
Many people who come across the cross-site inclusion filter - including therube - have, quite understandably, thought that
Blocking cross-site JavaScript served from...
was a reference to the XSS filter. Which leads them on a wild-goose chase, and might even cause them to mistakenly write unsafe XSS filter exceptions (regex is hard to get right).

Maybe this message could be changed to something like:
Blocking third-party JavaScript served from...
As an extra, is it feasible to add the cross-site inclusion filter exceptions to Options-Advanced, maybe sharing the ClearClick tab?

Re: RFE: Make 'cross-site JavaScript' message less confusing

Posted: Thu May 08, 2014 1:37 am
by barbaz
Thrawn wrote:As an extra, is it feasible to add the cross-site inclusion filter exceptions to Options-Advanced
http://forums.informaction.com/viewtopi ... 10&t=19548
Thrawn wrote:maybe sharing the ClearClick tab?
Without also renaming that tab, would be confusing because AFAIK inclusion type checking has nothing to do with ClearClick.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited