Like BardRT, 100% repeatably, the Wikipedia URL
https://en.wikipedia.org/wiki/Lockwood_ ... _series%29
works, but then when I try to append
?useskin=vector
NoScript changes the URL to
https://en.wikipedia.org/wiki/Lockwood_ ... 8486105782
most notably replacing parentheses with spaces which breaks it.
If I then manually change the spaces back to parentheses using their codes %28 and %29 leaving the pound-random-number then it works, but if I use the characters ( ) or scrape off the pound-random-number then it continues to fail.
NoScript XSS preferences contains the exception
^https?://[a-z]+\.wikipedia\.org/wiki/[^"<>\?%]+$
and I tried adding more punctuation (both escaped and unescaped) to the [] list as well as deleting the list entirely, but did not find anything that helped. And I cannot understand the "Pattern matching sample" test -- whether a URL shows red or black in the test does not seem to correlate with whether or not NoScript replaces parentheses with spaces in practice.
[NoScript Classic] XSS false positives on wikipedia (split from t=26968)
[NoScript Classic] XSS false positives on wikipedia (split from t=26968)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:45.0) Gecko/20100101 Firefox/45.0
Re: [NoScript Classic] XSS false positives on wikipedia (split from t=26968)
I don't have Firefox 45 or the last compatible NoScript version in front of me atm, but maybe try changing that XSS exception to
Code: Select all
^https?://[a-z]+\.wikipedia\.org/wiki/[^"<>\?%]+(?:\?useskin=vector)?$
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/112.0
Re: [NoScript Classic] XSS false positives on wikipedia (split from t=26968)
Works! Thank you! Now to see if I can figure out why it is necessary....
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:45.0) Gecko/20100101 Firefox/45.0