XSS filter - what's wrong with my URL?

Posted: Thu Sep 08, 2011 9:45 pm
by Steven.Colby
Hi all - the XSS filter in NoScript 2.1.2.7 (latest) is sanitizing a URL in my development application and I'm not sure why. Here's an example of the console output:

[NoScript XSS] Sanitized suspicious request. Original URL [http://myserver/app/WebSoilSurvey.aspx? ... 566185826)] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://myserver/app/WebSoilSurvey.aspx? ... 5450294197].

Note the parentheses have been scrubbed. Anybody have any idea why? It doesn't look like a particularly evil query string to me... And yep, I sure could just whitelist the server/app, but I'm curious to know what about the query string is making XSS unhappy.

Thanks!
Steven Colby

Re: XSS filter - what's wrong with my URL?

Posted: Fri Sep 09, 2011 2:04 am
by obiwan
Yes, the XSS filter appears to be broken. It flags requests that can't possibly be considered an XSS risk...

Re: XSS filter - what's wrong with my URL?

Posted: Fri Sep 09, 2011 2:14 am
by obiwan
I did some testing and simplified your example. It flags this query string:

?location=(2)

but not this one:

?location=()

Maybe I don't understand, but how are either of those an XSS risk? And if the first is, why isn't the second?