Page 1 of 1
XSS filter, how to whilelist a site?
Posted: Fri Jun 22, 2012 5:55 pm
by dbh369
I keep getting XSS filtering on pages like the Wall Street Journal. Except for unsafe reload, there doesn't seem to be a way to correct this, is there a straight-forward way to assume xss is safe?
Dave
Re: XSS filter, how to whilelist a site?
Posted: Sat Jun 23, 2012 4:55 am
by Thrawn
Are you confident that this page is actually immune to XSS attacks? I know you're seeing false positives, but are you sure that the page would correctly sanitise a real attack? After all, if their regular traffic looks like XSS, then there may be some sloppy coding happening...
If you've checked and you're confident, then it's in the FAQ:
http://noscript.net/faq#qa4_4
Re: XSS filter, how to whilelist a site?
Posted: Tue Oct 09, 2012 9:48 pm
by GµårÐïåñ
Depends on how much you know about programming and/or how savvy you are. You can go to NoScript Options|Advanced Tab|XSS Tab and either:
1) disable it (not recommended)
2) add an exception to the area that has a few others already
3) or go to
about:config|noscript.xss.checkInclusions.exceptions and put it there
You have tons of options, just make sure you know what you are doing and if in doubt, verify before using it. Sending us the exact XSS message from your Error Console will help in the crafting of the exception.