InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

Allowing Google Plus notifications

https://forums.informaction.com/viewtopic.php?t=7302

Page 1 of 1

Allowing Google Plus notifications

Posted: Wed Sep 28, 2011 1:48 pm
by IamaGuest
I get a XSS/clickjacking warning when I try to view notifications for Google Plus in Gmail. I don't want to disable the XSS protection entirely, but I want the notifications to stop in this particular instance.

Google.com is already whitelisted and the following is already in my XSS whitelist:

Code: Select all

^https?://([a-z]+)\.google\.(?:[a-z]{1,3}\.)?[a-z]+/(?:search|custom|\1)\?
I'm not totally up on my regular expressions but should that not also allow plus.google.com?

Any help would be appreciated.

Re: Allowing Google Plus notifications

Posted: Mon Oct 24, 2011 5:58 am
by Tom T.
Sorry that this fell through the cracks for almost a month. I'll flag this for Giorgio's personal attention.

Thank you for your patience.

Re: Allowing Google Plus notifications

Posted: Mon Oct 24, 2011 7:40 am
by Giorgio Maone
Could you please show me at least one instance of [NoScript XSS] line appearing in your Tools>Error Console when this happens?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited