InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

This MDN search triggers XSS filter

https://forums.informaction.com/viewtopic.php?t=21656

Page 1 of 1

This MDN search triggers XSS filter

Posted: Mon Feb 29, 2016 3:01 am
by barbaz
from MDN's searchplugin, search

Code: Select all

GlobalFetch.fetch()
noscript filters "XSS attempt" and these messages are present in the console

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///en-US/search?q=GlobalFetch.fetch()&w=3&qs=plugin
(function anonymous() {
q=GlobalFetch.fetch() /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

[NoScript XSS] Sanitized suspicious request. Original URL [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%28%29&w=3&qs=plugin] requested from [chrome://navigator/content/navigator.xul]. Sanitized URL: [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%20%20&w=3&qs=plugin#20744240862104457989].

[NoScript InjectionChecker] JavaScript Injection in ///en-US/search?q=GlobalFetch.fetch()&w=3&qs=plugin
(function anonymous() {
q=GlobalFetch.fetch() /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

[NoScript XSS] Sanitized suspicious request. Original URL [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%28%29&w=3&qs=plugin] requested from [chrome://navigator/content/navigator.xul]. Sanitized URL: [https://developer.mozilla.org/en-US/search?q=GlobalFetch.fetch%20%20&w=3&qs=plugin#7349481168947692976].
Just FWIW. Probably nothing to be done here.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited