Bypassing XSS within NoScript for Gawker pages
Would someone over there be kind enough to post a regular expression so NoScript will bypass your XSS to Facebook?
-
I've tried adding ^http://gizmodo\.com/ and ^http://gawker\.com/, etc. to my filter list, but it's not working.
I’m frustrated.
-
I may have figured it out... I added the following regular expressions to my filter list:
^http://valleywag\.com/\d{7}/\S{0,}
^http://gizmodo\.com/\d{7}/\S{0,}
^http://consumerist\.com/\d{7}/\S{0,}
^http://lifehacker\.com/\d{7}/\S{0,}
^http://jalopnik\.com/\d{7}/\S{0,}
It *appears* to be working now. For those who don't/can't read regexes, let me explain so you can customize as needed.
Example:
^http://valleywag\.com/\d{7}/\S{2,}
^ - matching at the start of the string, i.e. having blahhttp:// won't work but http://blah will
http://valleywag - the site
\. - since . is used in regex, you need to escape it with the backslash
com/ - the rest of the address
\d - matches a digit
{7} - matches exactly 7 of the preceding pattern, i.e. 7 digits
/ - part of the web address
\S - any symbol, alpha character, space, dash, etc
{0,} - matches zero to undetermined of the preceding pattern. Since we don't specify an upper-bounds, it goes to the end of the string.
Therefore the following string will match:
http://valleywag.com/5111818/laid+off...
as will any that follow the pattern.
Hope this helps!
I’m meh.
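
Added example, not part of the thread: the five patterns from the post above, run in JavaScript against constructed URLs to show exactly which destinations they exempt. It assumes each filter-list line is applied as a JavaScript regular expression to the destination URL; `isExempt`, `exemptionReport` and the sample URLs are hypothetical.

```javascript
// The five exception patterns exactly as posted in the thread.
const patterns = [
  String.raw`^http://valleywag\.com/\d{7}/\S{0,}`,
  String.raw`^http://gizmodo\.com/\d{7}/\S{0,}`,
  String.raw`^http://consumerist\.com/\d{7}/\S{0,}`,
  String.raw`^http://lifehacker\.com/\d{7}/\S{0,}`,
  String.raw`^http://jalopnik\.com/\d{7}/\S{0,}`,
].map((source) => new RegExp(source));

// Hypothetical helper (assumption: a destination is exempt from XSS
// filtering when any one pattern matches it).
function isExempt(url) {
  return patterns.some((re) => re.test(url));
}

// Constructed sample URLs, not taken from real traffic.
const samples = [
  "http://gizmodo.com/1234567/sample-post",     // 7-digit id, slash, slug
  "http://gizmodo.com/1234567/",                // \S{0,} may match nothing
  "http://gizmodo.com/1234567/two words",       // no $ anchor: tail is unchecked
  "http://gizmodo.com/1234567",                 // missing slash after the id
  "http://gizmodo.com/123456/sample-post",      // only 6 digits
  "https://gizmodo.com/1234567/sample-post",    // scheme is https, not http
  "http://www.gizmodo.com/1234567/sample-post", // www. host is not listed
  "http://gawker.com/1234567/sample-post",      // gawker.com is not among the five
];

// Returns one { url, exempt } record per sample URL.
function exemptionReport() {
  return samples.map((url) => ({ url, exempt: isExempt(url) }));
}

for (const { url, exempt } of exemptionReport()) {
  console.log((exempt ? "EXEMPT   " : "FILTERED ") + url);
}
```

Because the patterns have no `$` anchor, the trailing `\S{0,}` restricts nothing: every URL on these five hosts that begins with a seven-digit path segment followed by a slash is exempt, whatever comes after it.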
-
Pezwhore's fix SEEMS like it should work, but doesn't for me. I'm deeply unhappy with Gawker's decision to cross-pollinate with Facebook - it seems like a security rape just waiting to happen.
I’m annoyed.


