InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

XSS filter false positive

https://forums.informaction.com/viewtopic.php?t=26404

Page 1 of 1

XSS filter false positive

Posted: Tue Aug 17, 2021 7:55 pm
by barbaz
NoScript 11.2.12rc1
Firefox 90.0

This link https://tunein.com/radio/Radio-Schizoid ... o-s298310/ triggers the XSS filter, but it contains no attempted XSS, nor anything that even looks like XSS.

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from https://forums.informaction.com to https://tunein.com.

Suspicious data:

(URL) https://tunein.com/radio/Radio-Schizoid---Dub-Techno-s298310/
It even triggers if I just paste that URL in the address bar.

Re: XSS filter false positive

Posted: Wed Aug 18, 2021 3:58 pm
by therube
(Confirmed [the popup that is].
I'll also note that the site pops up an [almost] frameless [is that the right word?] window, & that window has no NoScript icon, but NoScript can still be reached from a context-menu [or I suppose ? you could block sites from removing window frames].)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited