Please write us an XSS filter "regular expression".

Posted: Tue Sep 08, 2009 6:39 pm
by Epischedda13
Folks,

The NoScript XSS warning bar routinely pops up when I visit a mainstream web-site, http://www.star-telegram.com; it's a newspaper so I doubt there's really anything nefarious going on there. So can somebody please respond here with a script of XSS "regular expressions" I can paste into the box under the XSS Options - Advanced tab so I can visit the noted web-site without the XSS warning? The amateurish script I guessed at doesn't work but I don't want to turn off XSS entirely. I know nothing about writing regular expressions.

I've attached (hopefully, if all goes well) a screen-shot that illustrates what I'm talking about.

E

Re: Please write us an XSS filter "regular expression".

Posted: Tue Sep 08, 2009 6:49 pm
by epischedda
Folks,

I probably don't need to remind you intrepid code writers responding to my challenge that: newspapers have a lot of "sub-pages" linked from the home page, these sub-pages are constantly being added as each paper's content changes, consequently there's a never-ending supply of new URLs linked from the main/home page.

E

Re: Please write us an XSS filter "regular expression".

Posted: Tue Sep 08, 2009 8:53 pm
by Giorgio Maone
The best thing would be being able to see the Tools|Console [NoScript XSS] lines produced when this happens.
I couldn't reproduce anything by browsing the site casually; however, a catch-all exception expression matching all the XSS requests issued from www.star-telegram.com would be

Code:

^@https?://www\.star-telegram\.com/
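
An added example, not part of the reply above and not NoScript's own code: a check of which requesting pages the posted exception would exempt, next to a loosely written rule. It assumes the rule is an ordinary regular expression tested against the string "@" followed by the source page URL; `isExempt`, `exemptSources`, `LOOSE` and the sample URLs are constructed for illustration.

```javascript
// Model of source-based XSS exception matching (assumption, not NoScript's code):
// the rule is tested against "@" + the URL of the page issuing the request.
const RULE = String.raw`^@https?://www\.star-telegram\.com/`; // rule from the thread
const LOOSE = String.raw`star-telegram.com`; // constructed: unanchored, dots unescaped

function isExempt(rule, sourceUrl) {
  return new RegExp(rule).test("@" + sourceUrl);
}

// Constructed sample source URLs (example.net is a placeholder host).
const SOURCES = [
  "http://www.star-telegram.com/",                        // home page
  "https://www.star-telegram.com/news/story/12345.html",  // any sub-page, any scheme
  "http://star-telegram.com/",                            // no "www."
  "http://www.star-telegram.com.example.net/",            // look-alike host
  "http://example.net/?ref=www.star-telegram.com/",       // name only in the query
  "http://www.star-telegramXcom/",                        // caught only by an unescaped dot
];

// Returns the sample sources that a given rule would exempt from XSS filtering.
function exemptSources(rule) {
  return SOURCES.filter((url) => isExempt(rule, url));
}

for (const [name, rule] of [["posted rule", RULE], ["loose rule", LOOSE]]) {
  console.log(name + " exempts:");
  for (const url of exemptSources(rule)) console.log("  " + url);
}
```

The posted rule covers every current and future sub-page of the site because it stops at the first `/` after the host, while the `^@` anchor, the escaped dots and that trailing `/` keep other hosts out of the exception.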