I've got NoScript installed in firefox, when I google a page with ',
ä, ü, ö, ß or something like that it the title NoScript deletes these
as a XSS attempt. I put my own page on the XSS whitelist but it seems
that the standard whitelist already contains wikipedia, and I still
have problems.
When I go to:
http://www.google.de/search?q=ANTM+%22A ... ipedia.org
and click the link, it calls:
http://en.wikipedia.org/wiki/America's_Next_Top_Model
this is change to
http://en.wikipedia.org/wiki/America_s_Next_Top_Model
firefox caches the reply for some reason and
http://en.wikipedia.org/wiki/America's_Next_Top_Model
goes on not working till I call for example a
http://en.wikipedia.org/wiki/America's_ ... tion=purge
The NoScript Console says:
[NoScript XSS] Sanitized suspicious request referer. URL [http://
en.wikipedia.org/wiki/America's_Next_Top_Model (REF:
http://www.google.de/search?q=america's ... =firefox-a)]
requested from [http://www.google.de/search?q=america's+next+top
+model&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-
US:official&client=firefox-a]. Sanitized Referrer: [http://
en.wikipedia.org/wiki/America's_Next_Top_Model].)
and
[NoScript XSS] Sanitized suspicious request. Original URL [http://
en.wikipedia.org/wiki/America's_Next_Top_Model] requested from [http://
www.google.de/search?q=america's+next+t ... =firefox-a].
Sanitized URL: [http://en.wikipedia.org/wiki/America
%20s_Next_Top_Model].)
My reply:
--I get the same behavior too. google.de is not whitelisted.
wikipedia.org is whitelisted. Might be a bug in NoScript because the
sanitization is replacing the apostrophe with a space according to this
message NoScript put in the Error Console:
[NoScript XSS] Sanitized suspicious request. Original URL
[http://en.wikipedia.org/wiki/America's_Next_Top_Model] requested from
[http://www.google.de/search?q=ANTM+%22ANTM+redirects+here%22+site%3Aen.wikipedia.org].
Sanitized URL:
[http://en.wikipedia.org/wiki/America%20s_Next_Top_Model].
If you can, post this problem in the official NoScript topic in the
MozillaZine forums at
http://forums.mozillazine.org/viewtopic ... order=desc. The
developer of NoScript provides support for NoScript there. In the
meantime I'll post a copy of this problem there because I do think it's
something that the developer should know about.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
NoScript 1.1.4.8.070502