Firefox security with NoScript

3

If I am too annoyed by NoScript's default whitelist mechanics and will only use this add-on with the "Allow Scripts Globally" option enabled, does it still make sense to install NoScript?

In other words: do the other benefits NoScript offers outweigh the potentially larger attack surface that comes from installing this add-on?

posted by user137291 24.01.2017 - 16:51

2 answers

3

Yes, it makes a lot of sense.

Firefox does not have an XSS filter, but NoScript provides one.

While browser-side XSS filters are not an ideal solution for XSS and can be bypassed, they catch a large number of reflected XSS attacks. Since these are one of the most common web attacks, it is good to have client-side protection against them (this is true even if you are careful not to click untrusted links; XSS payloads can also be submitted via forms from ordinarily trusted websites).

In addition, NoScript provides protection against clickjacking. It also claims to have limited protections against CSRF and to automatically add the secure flag to cookies.

Weighing these benefits against the downsides of installing third-party software in your browser is difficult, but the XSS protection would be worth it to me.

answered 25.01.2017 - 11:02
3

Ok, even if you enable "Allow Scripts Globally (dangerous)", which is not recommended, and which clearly says it is dangerous, NoScript will still protect you from XSS.

I uploaded a vulnerable PHP file to my server and enabled "Allow Scripts Globally (dangerous)"; after that NoScript gave me a warning:

NoScript filtered a potential cross-site scripting (XSS) attempt from ...

If you open the console, you will see NoScript InjectionChecker:

[NoScript InjectionChecker] HTML injection:

<script
matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*(?:\/[*/][\s\S]*)?s\W*(?:\/[*/][\s\S]*)?c\W*(?:\/[*/][\s\S]*)?r\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?p\W*(?:\/[*/][\s\S]*)?t|\W*(?:\/[*/][\s\S]*)?f\W*(?:\/[*/][\s\S]*)?o\W*(?:\/[*/][\s\S]*)?r\W*(?:\/[*/][\s\S]*)?m|\W*(?:\/[*/][\s\S]*)?s\W*(?:\/[*/][\s\S]*)?t\W*(?:\/[*/][\s\S]*)?y\W*(?:\/[*/][\s\S]*)?l\W*(?:\/[*/][\s\S]*)?e|\W*(?:\/[*/][\s\S]*)?s\W*(?:\/[*/][\s\S]*)?v\W*(?:\/[*/][\s\S]*)?g|\W*(?:\/[*/][\s\S]*)?m\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?r\W*(?:\/[*/][\s\S]*)?q\W*(?:\/[*/][\s\S]*)?u\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?e|(?:\W*(?:\/[*/][\s\S]*)?l\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?n\W*(?:\/[*/][\s\S]*)?k|\W*(?:\/[*/][\s\S]*)?o\W*(?:\/[*/][\s\S]*)?b\W*(?:\/[*/][\s\S]*)?j\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?c\W*(?:\/[*/][\s\S]*)?t|\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?m\W*(?:\/[*/][\s\S]*)?b\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?d|\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?p\W*(?:\/[*/][\s\S]*)?p\W*(?:\/[*/][\s\S]*)?l\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?t|\W*(?:\/[*/][\s\S]*)?p\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?r\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?m|\W*(?:\/[*/][\s\S]*)?i?\W*(?:\/[*/][\s\S]*)?f\W*(?:\/[*/][\s\S]*)?r\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?m\W*(?:\/[*/][\s\S]*)?e|\W*(?:\/[*/][\s\S]*)?b\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?s\W*(?:\/[*/][\s\S]*)?e|\W*(?:\/[*/][\s\S]*)?b\W*(?:\/[*/][\s\S]*)?o\W*(?:\/[*/][\s\S]*)?d\W*(?:\/[*/][\s\S]*)?y|\W*(?:\/[*/][\s\S]*)?m\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?t\W*(?:\/[*/][\s\S]*)?a|\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?m\W*(?:\/[*/][\s\S]*)?a?\W*(?:\/[*/][\s\S]*)?g\W*(?:\/[*/][\s\S]*)?e?|\W*(?:\/[*/][\s\S]*)?v\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?d\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?o|\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?u\W*(?:\/[*/][\s\S]*)?d\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?o|\W*(?:\/[*/][\s\S]*)?b\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?n\W*(?:\/[*/][\s\S]*)?d\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?n\W*(?:\/[*/][\s\S]*)?g\W*(?:\/[*/][\s\S]*)?s|\W*(?:\/[*/][\s\S]*)?s\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?t|\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?s\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?n\W*(?:\/[*/][\s\S]*)?d\W*(?:\/[*/][\s\S]*)?e\W*(?:\/[*/][\s\S]*)?x|\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?n\W*(?:\/[*/][\s\S]*)?i\W*(?:\/[*/][\s\S]*)?m\W*(?:\/[*/][\s\S]*)?a\W*(?:\/[*/][\s\S]*)?t\W*(?:\/[*/][\s\S]*)?e)[^>\w])|['"\s%pre%/](?:formaction|style|background|src|lowsrc|ping|on(?:m(?:o(?:z(?:browser(?:beforekey(?:down|up)|afterkey(?:down|up))|(?:network(?:down|up)loa|accesskeynotfoun)d|pointerlock(?:change|error)|(?:orientation|time)change|fullscreen(?:change|error)|interrupt(?:begin|end)|key(?:down|up)onplugin)|use(?:(?:lea|mo)ve|o(?:ver|ut)|enter|wheel|down|up)|ve(?:start|end)?)|a(?:p(?:se(?:tmessagestatus|ndmessage)|message(?:slisting|update)|folderlisting|getmessage)req|rk)|essage)|c(?:o(?:n(?:nect(?:i(?:on(?:statechanged|available)|ng)|ed)?|t(?:rol(?:lerchange|select)|extmenu)|figurationchange)|m(?:p(?:osition(?:update|start|end)|lete)|mand(?:update)?)|py)|h(?:a(?:r(?:ging(?:time)?change|acteristicchanged)|nge)|ecking)|a(?:n(?:play(?:through)?|cel)|(?:llschang|ch)ed|rdstatechange)|u(?:rrent(?:channel|source)changed|echange|t)|l(?:i(?:rmodechange|ck)|ose)|(?:fstate|ell)change)|p(?:o(?:inter(?:l(?:ock(?:change|error)|eave)|o(?:ver|ut)|cancel|enter|down|move|up)|p(?:up(?:hid(?:den|ing)|show(?:ing|n))|state)|ster)|a(?:i(?:ring(?:con(?:firmation|sent)req|aborted)|nt)|ge(?:hide|show)|(?:st|us)e)|u(?:ll(?:vcard(?:listing|entry)|phonebook)req|sh(?:subscriptionchange)?)|r(?:o(?:pertychange|gress)|eviewstatechange)|(?:(?:ending|ty|s)chang|ic(?:hang|tur))e|lay(?:ing)?|hoto)|d(?:e(?:vice(?:p(?:roximity|aired)|(?:orienta|mo)tion|(?:unpaire|foun)d|change|light)|l(?:ivery(?:success|error)|eted)|activate)|i(?:s(?:c(?:hargingtimechange|onnect(?:ing|ed)?)|playpasskeyreq|abled)|aling)|r(?:a(?:g(?:e(?:n(?:ter|d)|xit)|(?:gestur|leav)e|start|drop|over)?|in)|op)|ata(?:setc(?:omplete|hanged)|(?:availabl|chang)e|error)?|urationchange|ownloading|blclick)|s(?:t(?:a(?:t(?:uschanged|echange)|lled|rt)|o(?:rage(?:areachanged)?|p)|k(?:sessione|comma)nd)|e(?:lect(?:ionchange|start)?|ek(?:ing|ed)|n(?:ding|t)|t)|ou(?:rce(?:(?:clos|end)ed|open)|nd(?:start|end))|c(?:(?:anningstate|ostatus)changed|roll)|pe(?:akerforcedchange|ech(?:start|end))|u(?:ccess|spend|bmit)|h(?:utter|ow))|r(?:e(?:s(?:ourcetimingbufferfull|u(?:m(?:ing|e)|lt)|ize|et)|mo(?:ve(?:sourcebuffer|track)|te(?:resume|hel)d)|ad(?:y(?:statechange)?|success|error)|c(?:orderstatechange|eived)|questmediaplaystatus|pea(?:tEven)?t|loadpage|trieving)|ow(?:s(?:inserted|delete)|e(?:nter|xit))|(?:(?:adiost)?ate|t)change|ds(?:dis|en)abled)|a(?:n(?:imation(?:iteration|start|end)|tennaavailablechange)|d(?:d(?:sourcebuffer|track)|apter(?:remov|add)ed)|ttribute(?:(?:write|read)req|changed)|fter(?:(?:scriptexecu|upda)te|print)|b(?:solutedeviceorientation|ort)|ctiv(?:estatechanged|ate)|udio(?:process|start|end)|2dpstatuschanged|lerting)|Moz(?:S(?:wipeGesture(?:(?:May)?Start|Update|End)?|crolledAreaChanged)|M(?:agnifyGesture(?:Update|Start)?|ouse(?:PixelScroll|Hittest))|EdgeUI(?:C(?:omplet|ancel)|Start)ed|RotateGesture(?:Update|Start)?|(?:Press)?TapGesture|AfterPaint)|b(?:e(?:for(?:e(?:(?:scriptexecu|activa)te|e(?:ditfocus|victed)|u(?:nload|pdate)|p(?:aste|rint)|c(?:opy|ut))|deactivate)|gin(?:Event)?)|u(?:fferedamountlow|sy)|oun(?:dary|ce)|l(?:ocked|ur)|roadcast)|DOM(?:Node(?:Inserted(?:IntoDocument)?|Removed(?:FromDocument)?)|(?:CharacterData|Subtree)Modified|A(?:ttrModified|ctivate)|Focus(?:Out|In)|MouseScroll)|w(?:eb(?:kit(?:Animation(?:Iteration|Start|End)|animation(?:iteration|start|end)|(?:TransitionE|transitione)nd)|socket)|a(?:it|rn)ing|heel)|e(?:n(?:ter(?:pincodereq)?|(?:crypt|abl)ed|d(?:Event|ed)?)|m(?:ergencycbmodechange|ptied)|(?:itbroadcas|vic)ted|rror(?:update)?|xit)|f(?:o(?:rm(?:change|input)|cus(?:out|in)?)|ullscreen(?:change|error)|i(?:lterchange|nish)|a(?:cesdetect|il)ed|requencychange|etch)|l(?:o(?:ad(?:e(?:d(?:meta)?data|nd)|ing(?:error|done)?|start)?|s(?:tpointer|e)capture)|(?:anguage|evel)change|y)|o(?:(?:(?:rientation|tastatus)chang|(?:ff|n)lin)e|b(?:expasswordreq|solete)|verflow(?:changed)?|pen)|t(?:o(?:uch(?:cancel|start|move|end)|ggle)|ime(?:update|out)|e(?:rminate|xt)|ransitionend|ypechange)|u(?:p(?:date(?:(?:fou|e)nd|ready|start)?|gradeneeded)|s(?:erproximity|sdreceived)|n(?:derflow|load))|v(?:rdisplay(?:(?:dis)?connect|presentchange)|o(?:ice(?:schanged|change)|lumechange)|ersionchange)|g(?:amepad(?:(?:dis)?connected|button(?:down|up)|axismove)|(?:otpointercaptur|roupchang)e|et)|h(?:e(?:adphoneschange|l[dp])|(?:fp|id)statuschanged|ashchange|olding)|i(?:cc(?:(?:info)?change|(?:un)?detected)|n(?:coming|stall|valid|put))|n(?:o(?:tificationcl(?:ick|ose)|update|match)|ewrdsgroup)|SVG(?:(?:Unl|L)oad|Resize|Scroll|Zoom)|key(?:press|down|up)|(?:AppComman|Loa)d|Request|zoom))[\s%pre%]*=

[NoScript XSS] Blocked suspicious request: [https://-mywebsite-/index.php?name=%22%3E%3Cscript%3Ealert(xss);%3C/script%3E]

This filter works even if you have that website in the whitelist.

answered 25.01.2017 - 13:24
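The two answers above describe what a browser-side reflected-XSS filter does: the first says such filters catch most reflected payloads but can be bypassed, the second shows the NoScript InjectionChecker pattern that flagged the `index.php?name=...` request. The following is an added example written for this page, not NoScript's own code: a deliberately small InjectionChecker-style check over a request URL, modelled on the structure of the logged pattern (a `<` followed by a dangerous tag name whose letters may be separated by junk or `/* */` comments, or an attribute such as `src=`/`on...=` that executes script). The tag list is a subset of NoScript's, `on\w+` stands in for NoScript's enumerated event names, and the function names `checkRequest`, `looksLikeHtmlInjection` and `decodeRepeatedly` are invented here; the test URLs other than the one quoted in the answer are constructed.

```javascript
// Added example, not NoScript's code: an InjectionChecker-style heuristic for
// reflected XSS in request URLs, shaped like the pattern in the NoScript log.

// Tag names that make an injected "<" dangerous (a subset of NoScript's list).
const DANGEROUS_TAGS = [
  "script", "iframe", "frame", "object", "embed", "applet", "svg", "img",
  "image", "form", "style", "link", "meta", "base", "body", "video", "audio",
];

// As in the logged pattern, tolerate non-word junk and a comment between the
// letters of a tag name, so "<scr/**/ipt" and "<s-c-r-i-p-t" still match.
// A lazy "[\s\S]*?" is used instead of NoScript's greedy "[\s\S]*".
const GAP = String.raw`\W*(?:\/[*/][\s\S]*?)?`;
const spaced = (word) => word.split("").map((ch) => GAP + ch).join("");

const TAG_RE = new RegExp(
  "<[^\\w<>]*(?:" + DANGEROUS_TAGS.map(spaced).join("|") + ")(?!\\w)",
  "i",
);

// Attribute injection: quote, whitespace or slash, then an attribute that runs
// script or loads a resource, then "=". NoScript lists every event name
// explicitly; "on\w+" generalises that list (assumption made here).
const ATTR_RE =
  /['"\s/](?:formaction|style|background|src|lowsrc|ping|on\w+)\s*=/i;

// Percent-decode until the text stops changing (attackers double-encode).
// A malformed escape sequence stops decoding instead of throwing.
function decodeRepeatedly(text, rounds = 3) {
  let out = text.replace(/\+/g, " ");
  for (let i = 0; i < rounds; i++) {
    let next;
    try {
      next = decodeURIComponent(out);
    } catch {
      break;
    }
    if (next === out) break;
    out = next;
  }
  return out;
}

// Returns a reason string when the decoded text looks like an injection,
// otherwise null.
function looksLikeHtmlInjection(text) {
  const decoded = decodeRepeatedly(text);
  if (TAG_RE.test(decoded)) return "HTML injection";
  if (ATTR_RE.test(decoded)) return "attribute injection";
  return null;
}

// Inspect a request URL the way a reflected-XSS filter would: the query string
// and fragment as a whole, plus every individual parameter value. The query is
// split by hand so that placeholder hosts such as "-mywebsite-" need no parser.
function checkRequest(url) {
  const hashIdx = url.indexOf("#");
  const fragment = hashIdx >= 0 ? url.slice(hashIdx + 1) : "";
  const noHash = hashIdx >= 0 ? url.slice(0, hashIdx) : url;
  const qIdx = noHash.indexOf("?");
  const query = qIdx >= 0 ? noHash.slice(qIdx + 1) : "";

  const candidates = [query, fragment];
  for (const pair of query.split("&")) {
    const eq = pair.indexOf("=");
    candidates.push(eq >= 0 ? pair.slice(eq + 1) : pair);
  }
  for (const candidate of candidates) {
    const reason = candidate && looksLikeHtmlInjection(candidate);
    if (reason) return { blocked: true, reason };
  }
  return { blocked: false, reason: null };
}

// The request quoted in the answer above (the host is elided there as well).
const REFLECTED =
  "https://-mywebsite-/index.php?name=%22%3E%3Cscript%3Ealert(xss);%3C/script%3E";

// Constructed sample requests for a stand-alone run.
for (const url of [
  REFLECTED,
  "https://example.test/index.php?name=Alice&lang=it",
  "https://example.test/search?q=%253Cscr/**/ipt%253Ealert(1)%253C/script%253E",
  "https://example.test/page#%3Csvg%20onload%3Dalert(1)%3E",
]) {
  console.log(JSON.stringify(checkRequest(url)), url);
}
```

Note what the greedy `\W*` gap buys and costs: it defeats comment and punctuation splitting of a tag name, but it also lets the pattern match across a `>` (for instance `<s>cript`), so a filter built this way errs on the side of blocking, which is the trade-off the first answer alludes to. It only sees what is in the request, so stored XSS and payloads delivered in a POST body from an ordinarily trusted site are outside its reach.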
