InformAction Forums

Posted: **Fri Jan 02, 2015 7:18 am**

I have NS 2.6.9.10 and ABP 2.6.6.

Everytime I search for __attribute__((noreturn)) with DuckDuckGo, I get this message:

NoScript filtered a potential XSS attempt from chrome. Technical details have been logged to the console.

And there is this in the console:

Use of getPreventDefault() is deprecated. Use defaultPrevented instead. d1718.js:26

The full link to the script is https://duckduckgo.com/d1718.js

The URL of the results page for this specific search query looks different: https://duckduckgo.com/?q=__attribute__ ... 1799896759

False positive or real threat?

Posted: **Fri Jan 02, 2015 2:21 pm**

(apologies for any typos, the only way I could look at these was by doing a video capture of the Error Console)

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///?q=__attribute__((noreturn))
(function anonymous() {
q=__attribute__((noreturn)) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

[NoScript XSS] Sanitized suspicious request. Original URL [https://duckduckgo.com/?q=__attribute__%28%28noreturn%29%29] requested from [chrome://navigator/content/navigator.xul]. Sanitized URL: [https://duckduckgo.com/?q=__attribute__%20%20noreturn%20%20#35913664713152404730].

Probably a false positive since *you* thought of and typed the offending string...

(for reference, this isn't the first time user-initiated DuckDuckGo searches have tripped the XSS filter, see viewtopic.php?f=7&t=20141 )

Posted: **Sun Jan 04, 2015 7:51 pm**

Bear in mind that NoScript filters the request, without being able to tell what the resulting page will actually do with it. It's very likely that DuckDuckGo does proper sanitisation of their search queries.

InformAction Forums

XSS attempt at duckduckgo.com?

XSS attempt at duckduckgo.com?

Re: XSS attempt at duckduckgo.com?

Re: XSS attempt at duckduckgo.com?