[FIXED] Direct ip address site has a harmful rule suggestion
Posted: Wed Feb 07, 2018 4:41 pm
I just did some development when I came along this behavior when opening phpMyAdmin in a local xampp instance:
NoScript seems to detect "127.0.0.1" (localhost) with "0.1" interpreted as host="0" and tld="1".
It suggests to add a rule for "... .0.1" which in my opinion makes no sense since it would also match "blablabla.0.1".
This behavior seems to be the same for all direct ip address URLs, which makes it even worse (misuse potential: trust for ip a.b.x.y also means trust for any c.d.x.y).
Shouldn't a plain ip address site result in a single rule suggestion including the full ip?
A simple regex could match the ip pattern in the first place.
Screenshot:
https://imgur.com/a/5YneT
Versions:
NoScript: 10.1.6.4
Firefox: 58.0.1
NoScript seems to detect "127.0.0.1" (localhost) with "0.1" interpreted as host="0" and tld="1".
It suggests to add a rule for "... .0.1" which in my opinion makes no sense since it would also match "blablabla.0.1".
This behavior seems to be the same for all direct ip address URLs, which makes it even worse (misuse potential: trust for ip a.b.x.y also means trust for any c.d.x.y).
Shouldn't a plain ip address site result in a single rule suggestion including the full ip?
A simple regex could match the ip pattern in the first place.
Screenshot:
https://imgur.com/a/5YneT
Versions:
NoScript: 10.1.6.4
Firefox: 58.0.1