
False positive in XSS detection of MS Visual Studio Help

Posted: Tue Jun 12, 2012 3:29 am
by ronks
I am using Microsoft Visual Studio 2010 to write a Visual Basic program. When I try to retrieve information from VS online help, it is blocked as a forbidden cross-site script. Here is the console info:

Code:

[NoScript InjectionChecker] JavaScript Injection in ///query/dev10.query?appId=Dev10IDEF1&l=EN-US&k=k(MICROSOFT.VISUALBASIC.MYSERVICES.FILESYSTEMPROXY.SPECIALDIRECTORIES);k(TargetFrameworkMoniker-".NETFRAMEWORK,VERSION=V4.0");k(DevLang-VB)&rd=true
(function anonymous() {k(MICROSOFT.VISUALBASIC.MYSERVICES.FILESYSTEMPROXY.SPECIALDIRECTORIES);k(TargetFrameworkMoniker - 0 / 0);DUMMY_EXPR;})

Code:

[NoScript XSS] Sanitized suspicious request. Original URL [http://msdn.microsoft.com/query/dev10.query?appId=Dev10IDEF1&l=EN-US&k=k(MICROSOFT.VISUALBASIC.MYSERVICES.FILESYSTEMPROXY.SPECIALDIRECTORIES);k(TargetFrameworkMoniker-%22.NETFRAMEWORK%2cVERSION%3dV4.0%22);k(DevLang-VB)&rd=true] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://msdn.microsoft.com/query/dev10.query?appId=Dev10IDEF1&l=EN-US&k=k%20MICROSOFT.VISUALBASIC.MYSERVICES.FILESYSTEMPROXY.SPECIALDIRECTORIES%20%3Bk%20TargetFrameworkMoniker-%20.NETFRAMEWORK%2CVERSION%20V4.0%20%20%3Bk%20DevLang-VB%20&rd=true#3601228522089822461].
I'm guessing that a regular expression should be added to allow these help requests to go through, but my regex knowledge is too rusty for me to do it myself.

Re: False positive in XSS detection of MS Visual Studio Help

Posted: Tue Jun 12, 2012 6:58 am
by Giorgio Maone

Code:

^http://msdn\.microsoft\.com/query/dev10\.query\?
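
To see what this exception does and does not exempt, here is an added example (not part of the thread and not NoScript's own code) that tests it against the URL from the console log and a few constructed URLs, and compares it with a hypothetical looser pattern. It assumes the exception is evaluated as a JavaScript regular expression against the full destination URL; `exempted`, `auditException`, `report`, `LOOSE` and the constructed sample URLs are illustrative names and values.

```javascript
// Added example. Assumption: an exception is a JavaScript regular expression
// tested against the full destination URL of the request.
const EXCEPTION = String.raw`^http://msdn\.microsoft\.com/query/dev10\.query\?`;
// Hypothetical loose variant, for comparison only.
const LOOSE = "msdn.microsoft.com/query/dev10.query";

// True when the XSS filter would be skipped for this destination.
function exempted(url, source = EXCEPTION) {
  return new RegExp(source).test(url);
}

// Report ways a hand-written exception exempts more than intended.
// Only understands patterns written with plain slashes, like the one above.
function auditException(source) {
  const issues = [];
  if (!source.startsWith("^")) issues.push("not anchored at start");
  const m = /^\^?(?:https?\??:\/\/)?([^\/]*)(\/?)/.exec(source);
  const host = m[1];
  if (/(^|[^\\])\./.test(host)) issues.push("unescaped dot in host");
  if (/[*+]/.test(host)) issues.push("wildcard in host");
  if (m[2] !== "/") issues.push("host not terminated by /");
  return issues;
}

// First URL is the one from the console log above; the rest are constructed.
const SAMPLES = [
  "http://msdn.microsoft.com/query/dev10.query?appId=Dev10IDEF1&l=EN-US&k=k(MICROSOFT.VISUALBASIC.MYSERVICES.FILESYSTEMPROXY.SPECIALDIRECTORIES);k(TargetFrameworkMoniker-%22.NETFRAMEWORK%2cVERSION%3dV4.0%22);k(DevLang-VB)&rd=true",
  "https://msdn.microsoft.com/query/dev10.query?k=1",            // other scheme
  "http://msdn.microsoft.com/library/page.aspx?k=1",             // other path
  "http://msdn.microsoft.com.example.net/query/dev10.query?k=1", // other host
  "http://example.net/?u=msdn.microsoft.com/query/dev10.query",  // embedded in query
  "http://msdnXmicrosoft.com/query/dev10.query?k=1",             // no dot after msdn
];

// One boolean per sample: is the request exempt from XSS filtering?
function report(source) {
  return SAMPLES.map((u) => exempted(u, source));
}

console.log(auditException(EXCEPTION), report(EXCEPTION));
console.log(auditException(LOOSE), report(LOOSE));
```

The anchored, escaped pattern exempts only the help query endpoint over plain HTTP; every other request to the same host is still filtered.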