InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

OEIS & too aggressive anti-XSS

https://forums.informaction.com/viewtopic.php?t=22996

Page 1 of 1

OEIS & too aggressive anti-XSS

Posted: Wed Jun 28, 2017 8:24 am
by mmk
Hi,

both NS 5.0.5 / 5.0.6rc4 copy-pasted url:

Code: Select all

http://oeis.org/wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity)
rewrite as:

Code: Select all

http://oeis.org/wiki/Omega_n_,_number_of_prime_factors_of_n_with_multiplicity#4942368359429259376
Below log from Firefox 54.0 console:

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity) (function anonymous( ) { wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity) /* COMMENT_TERMINATOR */ DUMMY_EXPR })

[NoScript XSS] Wyczyszczone podejrzane żądania. Oryginalny URL [http://oeis.org/wiki/Omega(n),_number_of_prime_factors_of_n_(with_multiplicity)] żądany z [[System Principal]]. Wyczyszczony URL: [http://oeis.org/wiki/Omega%20n%20,_number_of_prime_factors_of_n_%20with_multiplicity%20#1740810798906831164].

GET  http://oeis.org/wiki/Omega%20n%20,_number_of_prime_factors_of_n_%20with_multiplicity%20#1740810798906831164 [HTTP/1.1 301 Moved Permanently 213 ms]

GET  http://oeis.org/wiki/Omega_n_,_number_of_prime_factors_of_n_with_multiplicity#1740810798906831164 [HTTP/1.1 404 Not Found 943 ms]

Re: OEIS & too aggressive anti-XSS

Posted: Wed Jun 28, 2017 2:03 pm
by barbaz
workaround: NoScript Options > Advanced > XSS, add this exception

Code: Select all

^https?://oeis\.org/wiki/
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited