
Recent update breaks Gerrit

Posted: Tue Jan 09, 2018 10:31 am
by stenborg
Since yesterday, I can't open my company's Gerrit anymore. Disabling NoScript solves it. All scripts on the page are allowed. Entering a URL on the page yields... nothing. It's as if I never did anything - I just stay on the page I was on previously and the address field reverts back to the original page. Opening a link to Gerrit in a new tab yields the same result as just opening an empty tab. Ctrl-U gives me the URL "view-source:about:blank". The desired URL _is_ present in the address field, but that is the only indication that I've tried to navigate to it. I can't configure NoScript for this page, as the NoScript icon turns into the blue S with a red question mark on it, and clicking it just takes me to the options page at moz-extension://01f...31a/ui/options.html. "Scripts Globally Allowed (dangerous)" doesn't help, only completely disabling NoScript. Any ideas?

Re: Recent update breaks Gerrit

Posted: Tue Jan 09, 2018 1:09 pm
by therube
What version of NoScript?
What is a "Gerrit"?
URL to this Gerrit?
moz-extension://01f...31a/ui/options.html
Sounds familiar to (follow the trail), Left-click NoScript Icon Causes NoScript Options To Open.

Re: Recent update breaks Gerrit

Posted: Tue Jan 09, 2018 1:59 pm
by stenborg
Gerrit is a source code review tool - see https://www.gerritcodereview.com/.

Oh wait, I solved it. :) Turning off "Sanitize cross-site suspicious requests" fixes it. But I'd like XSS checking turned on... The XSS section in the FAQ under "Can I bypass Anti-XSS filters for certain web pages?" states that I can configure this in "NoScript Options|Advanced|XSS|Anti-XSS Protection Exceptions", but I find no such options. I guess these aren't in NoScript 10 yet?

I also failed to find any documentation of the NoScript status icon with the red question mark superimposed - it seems to appear on all about: pages and moz-extension: pages, so I assume it's there whenever NoScript can't work on the page, as indicated by "NoScript 10 is a WebExtension, so it cannot operate on AMO nor on Firefox-internal pages." on https://forums.informaction.com/viewtop ... 903#p93903.

Re: Recent update breaks Gerrit

Posted: Tue Jan 09, 2018 2:01 pm
by stenborg
Oh, and I also fail to see why opening a new empty tab, entering a URL and hitting Enter could be construed as a cross-site scripting attack... :P