XSS problem

General discussion about the NoScript extension for Firefox
Post Reply
User avatar
江3如此多娇
Junior Member
Posts: 35
Joined: Mon Mar 25, 2013 2:38 am

XSS problem

Post by 江3如此多娇 »

Code: Select all

[NoScript XSS] 净化从 [https://auth.alipay.com/login/index.htm] 至 [https://umidprod.alipay.com/gather.htm###DATA###ce%3D1%26fe%3D1%26fv%3D16.0.0%26dt%3DWin32%26cpu%3D%26bl%3Dzh-CN%26tz%3D%252B8%26sr%3D1366*768%26pl%3D-2.0.0.4%253A%253Aapplication%252Fbd-npupload-plugin%7E%253B-2.0.0.4%253A%253Aapplication%252Fbd-npupload-plugin%7E%253BAPlayer%2520ActiveX%2520hosting%2520plugin-1.0.0.2%253A%253Aapplication%252Fx-thunder-aplayer%7Eocx%253BAdobe%2520Acrobat-11.0.2.0%253A%253Aapplication%252Fpdf%7Epdf%252Capplication%252Fvnd.adobe.pdfxml%7Epdfxml%252Capplication%252Fvnd.adobe.x-mars%7Emars%252Capplication%252Fvnd.fdf%7Efdf%252Capplication%252Fvnd.adobe.xfdf%7Exfdf%252Capplication%252Fvnd.adobe.xdp%252Bxml%7Exdp%252Capplication%252Fvnd.adobe.xfd%252Bxml%7Exfd%253BAdobe%2520Acrobat-11.0.2.0%253A%253Aapplication%252Fpdf%7Epdf%252Capplication%252Fvnd.adobe.pdfxml%7Epdfxml%252Capplication%252Fvnd.adobe.x-mars%7Emars%252Capplication%252Fvnd.fdf%7Efdf%252Capplication%252Fvnd.adobe.xfdf%7Exfdf%252Cap
Last edited by barbaz on Fri Dec 19, 2014 1:28 am, edited 1 time in total.
Reason: wrap in code tags to avoid parts of the message being cut off
Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
Top
barbaz
Senior Member
Posts: 11064
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS problem

Post by barbaz »

(Google translate says '净化从' == 'Purification from' and '至' == 'To')

try adding to noscript options > advanced > xss > exceptions

Code: Select all

^@https://(?:[^/:]+\.)?alipay\.com/.*
(that is trusting https://(*.)alipay.com/* to never xss anything)
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Top
Post Reply

Return to “NoScript General”