XSS filter false positive

Posted: Fri May 14, 2021 10:11 pm
by barbaz
Doing a DuckDuckGo search from the FF search bar for (content warning)

Doddy Gatz - Malicious Mackin' (Feat. BAKER) (Prod. Genshin)
... produces this XSS warning -

NoScript detected a potential Cross-Site Scripting attack

from [...] to https://duckduckgo.com.

Suspicious data:

(URL) https://duckduckgo.com/?t=ffsb&q=Doddy+Gatz+-+Malicious+Mackin'+(Feat.+BAKER)+(Prod.+Genshin)&ia=web
But there's no XSS there.

Re: XSS filter false positive

Posted: Fri May 28, 2021 2:24 pm
by barbaz
bump

Re: XSS filter false positive

Posted: Fri May 28, 2021 2:32 pm
by Giorgio Maone
It's the

(Feat. BAKER) (Prod. Genshin)
following a potential string break

Mackin'
looking like a suspicious syntactically valid JavaScript fragment.
Not sure what to do to lower sensitivity here, will think about it.