Problem between NoScript XSS and tumblr/missing e
Posted: Wed Apr 18, 2012 6:39 am
This problem came up recently, and I'm not really sure from which side this error comes from, noscript or missing e. I'm going to send an email to the programmer for that add on, but I thought I could post about this here as well.
There is a feature in Missing E that allows me to post my crushes from my follower's page. However, when I attempt to use that feature, the XSS blocking thing kicks in. This never happened before.
This is from the Error Console.
I didn't take nearly enough Computer Science to know how to do the Regular Expressions to put this in the exception list. Anyone care to help?
There is a feature in Missing E that allows me to post my crushes from my follower's page. However, when I attempt to use that feature, the XSS blocking thing kicks in. This never happened before.
This is from the Error Console.
Code: Select all
[quote][NoScript XSS] Sanitized suspicious request. Original URL [http://www.tumblr.com/new/photo?post%5Bone%5D=&post%5Btwo%5D=%3Cp%3E%3Cstrong%3ETumblr%20Crushes%3A%3C%2Fstrong%3E%3C%2Fp%3E%3Cul%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Floli-pops.tumblr.com%2F%22%3Eloli-pops%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Flordgrumpy.tumblr.com%2F%22%3Elordgrumpy%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Ftakayababy.tumblr.com%2F%22%3Etakayababy%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Fapricotsamurai.tumblr.com%2F%22%3Eapricotsamurai%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Fjinseimajo.tumblr.com%2F%22%3Ejinseimajo%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Fstrawberrykappas.tumblr.com%2F%22%3Estrawberrykappas%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Ftsunofabitch.tumblr.com%2F%22%3Etsunofabitch%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Fbalhalla.tumblr.com%2F%22%3Ebalhalla%3C%2Fa%3E%3C%2Fli%3E%3Cli%3E%3Ca%20href%3D%22http%3A%2F%2Fminatobaby.tumblr.com%2F%22%3Eminatobaby%3C%2Fa%3E%3C%2Fli%3E%3C%2Ful%3E%3Cp%3E%3C%2Fp%3E&post%5Bthree%5D=] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://www.tumblr.com/new/photo?post%20one%20=&post%20two%20=%20p%3E%20strong%3ETumblr%20Crushes%3A%20%2Fstrong%3E%20%2Fp%3E%20ul%3E%20li%3E%20a%20href%20%20http%3A%2F%2Floli-pops.tumblr.com%2F%20%3Eloli-pops%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Flordgrumpy.tumblr.com%2F%20%3Elordgrumpy%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Ftakayababy.tumblr.com%2F%20%3Etakayababy%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Fapricotsamurai.tumblr.com%2F%20%3Eapricotsamurai%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Fjinseimajo.tumblr.com%2F%20%3Ejinseimajo%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Fstrawberrykappas.tumblr.com%2F%20%3Estrawberrykappas%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Ftsunofabitch.tumblr.com%2F%20%3Etsunofabitch%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Fbalhalla.tumblr.com%2F%20%3Ebalhalla%20%2Fa%3E%20%2Fli%3E%20li%3E%20a%20href%20%20http%3A%2F%2Fminatobaby.tumblr.com%2F%20%3Eminatobaby%20%2Fa%3E%20%2Fli%3E%20%2Ful%3E%20p%3E%20%2Fp%3E&post%20three%20=#5829813258691289412].
[NoScript InjectionChecker] JavaScript Injection in ///new/photo?post[one]=&post[two]=<p><strong>Tumblr Crushes:</strong></p><ul><li><a href="http://loli-pops.tumblr.com/">loli-pops</a></li><li><a href="http://lordgrumpy.tumblr.com/">lordgrumpy</a></li><li><a href="http://takayababy.tumblr.com/">takayababy</a></li><li><a href="http://apricotsamurai.tumblr.com/">apricotsamurai</a></li><li><a href="http://jinseimajo.tumblr.com/">jinseimajo</a></li><li><a href="http://strawberrykappas.tumblr.com/">strawberrykappas</a></li><li><a href="http://tsunofabitch.tumblr.com/">tsunofabitch</a></li><li><a href="http://balhalla.tumblr.com/">balhalla</a></li><li><a href="http://minatobaby.tumblr.com/">minatobaby</a></li></ul><p></p>&post[three]=
(function anonymous() {post[one] = DUMMY_EXPR;})[/quote]