InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Suggest adding XSS default rule

https://forums.informaction.com/viewtopic.php?t=21282

Page 1 of 1

Suggest adding XSS default rule

Posted: Mon Sep 28, 2015 12:40 pm
by Guest
Suggest adding chrome://browser/content/browser.xul to allow Firefox search box to work when xss filtering turned on.

Re: Suggest adding XSS default rule

Posted: Mon Sep 28, 2015 4:55 pm
by barbaz
-1 to this request, too many problems with it.
It inhibits testing of XSS filter and may make false positives harder to spot. And it's actually

Code: Select all

^@chrome://browser/content/browser\.xul$
And for SeaMonkey it'd be

Code: Select all

^@chrome://navigator/content/navigator\.xul$
so you can't really have a set default, otherwise you're likely to be doing the dangerous thing of whitelisting a URL which by default points to nothing.


Can you post here the contents of the searchplugin's xml file as well as post the query that the XSS filter is messing with?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited