InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

xss attempt from chrome: blocked?

https://forums.informaction.com/viewtopic.php?t=2436

Page 1 of 1

xss attempt from chrome: blocked?

Posted: Tue Aug 25, 2009 8:24 am
by lanzz
noscript has started to alert me that a possible xss attempt from [chrome:] has been blocked each time i do a keyword search from the location bar. i have tried to whitelist "^chrome:" in the xss section of the prefs, which had absolutely no effect, even though the pattern test field indicates all chrome: urls are matched by the whitelist. anyone else seeing this? what am i doing wrong?

Re: xss attempt from chrome: blocked?

Posted: Tue Aug 25, 2009 1:06 pm
by Giorgio Maone
Could you show me the [NoScript XSS] lines you should get in Tools|Error Console when this happens?

Re: xss attempt from chrome: blocked?

Posted: Tue Aug 25, 2009 1:19 pm
by Giorgio Maone
P.S.: the correct way to whitelist an origin for XSS checks is premetting "@" to its scheme, like

Code: Select all

^@chrome:
or

Code: Select all

^@https://some.trusted.origin.com/
Your exception was whitelisting chrome://* as a target.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited