[Resolved] XSS false positive?
Posted: Mon Jun 26, 2023 3:42 am
Firefox 114.0.2
NoScript 11.4.23rc4
new profile
This DuckDuckGo search from the Firefox address bar or search bar
produces the following XSS warning -
Not seeing what looks like XSS here, but apparently it's something about the apostrophe that got mangled? Deleting that and typing a new apostrophe in its place no longer results in the XSS warning.
NoScript 11.4.23rc4
new profile
This DuckDuckGo search from the Firefox address bar or search bar
Code: Select all
St Ego - You’re Over Me (Larson (AR) Remix)
Code: Select all
NoScript detected a potential Cross-Site Scripting attack
from [...] to https://duckduckgo.com.
Suspicious data:
(URL) https://duckduckgo.com/?t=ffab&q=St+Ego+-+Youâre+Over+Me+(Larson+(AR)+Remix)