InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

False XSS warning.

https://forums.informaction.com/viewtopic.php?t=305

Page 1 of 1

False XSS warning.

Posted: Fri Apr 03, 2009 1:00 am
by geeknik
I'm using the bookmarklet from http://reg.imageshack.us/content.php?page=transloader to upload images to imageshack.us from another site w/o having to save the image to my drive. However, I get this error when trying to do so.

[NoScript XSS] Sanitized suspicious upload to [http://imageshack.us/transload.php] from [moz-nullprincipal:{36973df9-b5cc-46f8-8262-7d222fbd20b1}]: transformed into a download-only GET request.

I have allowed imageshack.us and I have temporarily allowed the site I'm uploading the image from. Any ideas?

Re: False XSS warning.

Posted: Fri Apr 03, 2009 1:10 am
by Giorgio Maone
Either forbid imageshack.us (not sure if it's feasible for other operations) or add the following line to NoScript Options|Advanced|XSS exceptions:

Code: Select all

^http://imageshack\.us/transload\.php$

Re: False XSS warning.

Posted: Fri Apr 03, 2009 1:18 am
by geeknik
Thanks. Adding that code worked. :)
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited