
[NoScript Classic] XSS false positives on wikipedia (split from t=26968)

Posted: Sun Apr 16, 2023 6:26 pm
by kwiniec
Like BardRT, 100% repeatably, the Wikipedia URL

https://en.wikipedia.org/wiki/Lockwood_ ... _series%29

works, but then when I try to append

?useskin=vector

NoScript changes the URL to

https://en.wikipedia.org/wiki/Lockwood_ ... 8486105782

most notably replacing parentheses with spaces, which breaks it.

If I then manually change the spaces back to parentheses using their codes %28 and %29, leaving the pound-random-number, then it works, but if I use the characters ( ) or scrape off the pound-random-number, then it continues to fail.

NoScript XSS preferences contains the exception

^https?://[a-z]+\.wikipedia\.org/wiki/[^"<>\?%]+$

and I tried adding more punctuation (both escaped and unescaped) to the [] list as well as deleting the list entirely, but did not find anything that helped. And I cannot understand the "Pattern matching sample" test -- whether a URL shows red or black in the test does not seem to correlate with whether or not NoScript replaces parentheses with spaces in practice.

Re: [NoScript Classic] XSS false positives on wikipedia (split from t=26968)

Posted: Sun Apr 16, 2023 6:41 pm
by barbaz
I don't have Firefox 45 or the last compatible NoScript version in front of me atm, but maybe try changing that XSS exception to


^https?://[a-z]+\.wikipedia\.org/wiki/[^"<>\?%]+(?:\?useskin=vector)?$
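
The difference between the two exception patterns above, as an added example that is not part of either post or of NoScript's own code. It assumes the patterns behave as ordinary JavaScript regular expressions tested against the URL string exactly as written; the URLs are constructed and `check` is a hypothetical helper.

```javascript
// Exception patterns exactly as quoted in the thread.
const ORIGINAL = new RegExp('^https?://[a-z]+\\.wikipedia\\.org/wiki/[^"<>\\?%]+$');
const SUGGESTED = new RegExp(
  '^https?://[a-z]+\\.wikipedia\\.org/wiki/[^"<>\\?%]+(?:\\?useskin=vector)?$');

// Constructed sample URLs (not the truncated URL from the post).
const BASE = 'https://en.wikipedia.org/wiki/Example_(TV_series)';
const SAMPLES = {
  plain: BASE,
  skin: BASE + '?useskin=vector',
  otherQuery: BASE + '?action=edit',
  encoded: 'https://en.wikipedia.org/wiki/Example_%28TV_series%29',
};

// Hypothetical helper: reports whether a URL is covered by the exception and,
// if not, the first character after /wiki/ that the class [^"<>\?%] rejects.
function check(pattern, url) {
  if (pattern.test(url)) return { exempt: true, rejected: null };
  const prefix = /^https?:\/\/[a-z]+\.wikipedia\.org\/wiki\//.exec(url);
  if (!prefix) return { exempt: false, rejected: null }; // host or path differs
  const hit = /["<>?%]/.exec(url.slice(prefix[0].length));
  return {
    exempt: false,
    rejected: hit ? { char: hit[0], index: prefix[0].length + hit.index } : null,
  };
}

// Print the verdict of both patterns for every sample.
for (const [name, url] of Object.entries(SAMPLES)) {
  console.log(name, 'original:', check(ORIGINAL, url), 'suggested:', check(SUGGESTED, url));
}
```

The original pattern stops covering the URL at the `?`, because `?` is one of the characters its bracket list excludes; the suggested pattern admits only the literal `?useskin=vector` suffix, so any other query string still falls outside the exception.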

Re: [NoScript Classic] XSS false positives on wikipedia (split from t=26968)

Posted: Mon Apr 17, 2023 1:51 pm
by kwiniec
Works! Thank you! Now to see if I can figure out why it is necessary...