Firefox security with NoScript


If I am really annoyed by NoScript's default whitelist mechanism and would only use this add-on with the "allow scripts globally" option enabled, does it still make sense to have NoScript installed?

In other words: do the other benefits NoScript provides outweigh the potentially larger attack surface you get by installing this add-on?

asked by user137291 24.01.2017 - 16:51

2 answers


Yes, it makes a lot of sense.

Firefox does not have an XSS filter, but NoScript provides one.

While browser-side XSS filters are not an ideal solution for XSS and can possibly be bypassed, they do catch a large number of reflected XSS attacks. As these are one of the most common web attacks, it is good to have some client-side protection against them (this is true even if you are careful about clicking untrusted links; XSS payloads can also be submitted through the forms of websites you classify as trusted).

In addition, NoScript provides protection against clickjacking. It also claims to have limited protections against CSRF and to automatically add the secure flag to cookies.

Weighing these benefits against the drawbacks of installing third-party software in your browser is hard, but the XSS protection alone would be worth it to me.

answered by tim 25.01.2017 - 11:02

Well, even if you enable "Allow Scripts Globally (dangerous)", which is not recommended, but it clearly says it is dangerous, NoScript will protect you from XSS.

I uploaded a vulnerable php file to my server, enabled "Allow Scripts Globally (dangerous)", and after that NoScript gave me a warning:

NoScript filtered a potential cross-site scripting (XSS) attempt from ...

If you open the console, you will see NoScript InjectionChecker:

[NoScript InjectionChecker] HTML injection:

<script

[NoScript XSS] Blocked susspisious request: [https://-mywebsite-/index.php?name=%22%3E%3Cscript%3Ealert(xss);%3C/script%3E]

This filter works even if you have that website whitelisted.

answered by Mirsad 25.01.2017 - 13:24
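As an added example (not NoScript's own code), here is a simplified JavaScript version of the kind of check NoScript's InjectionChecker applies to outgoing request URLs, run over constructed sample URLs, one of them modelled on the blocked request shown in the answer above. The tag and attribute lists, the decoding depth and the example.invalid host are assumptions made for this example.

```javascript
// Added example, not NoScript's code. Flags HTML-tag or event-handler
// injection in the query string and fragment of a URL, the way a browser-side
// reflected-XSS filter does. All sample URLs below are constructed.

// Tag names and attributes worth flagging (assumed subset of what the real
// checker's regex, quoted above, recognises).
const TAGS = /<[^\w<>]*(?:script|iframe|img|svg|object|embed|form|style|link|meta|body|base|video|audio|applet)\b/i;
const ATTRS = /['"\s\/](?:on\w+|src|lowsrc|href|style|background|formaction)\s*=/i;

function fullyDecode(s) {
  // Percent-decode until the value stops changing, so double encoding does
  // not hide a tag. Malformed sequences leave the value as it is.
  for (let i = 0; i < 5; i++) {
    let d;
    try { d = decodeURIComponent(s.replace(/\+/g, ' ')); } catch (e) { return s; }
    if (d === s) return s;
    s = d;
  }
  return s;
}

function normalise(s) {
  // The real checker tolerates comments and non-word characters between the
  // letters of a tag name; this simplified version only strips /* */ comments
  // and collapses whitespace and NUL bytes.
  return s.replace(/\/\*[\s\S]*?\*\//g, '').replace(/[\s\0]+/g, ' ');
}

function findInjection(url) {
  const u = new URL(url);
  const hits = [];
  // URLSearchParams decodes one level; fullyDecode handles the rest.
  const fields = [...u.searchParams.entries()];
  if (u.hash) fields.push(['#', u.hash.slice(1)]);
  for (const [name, raw] of fields) {
    const value = normalise(fullyDecode(raw));
    if (TAGS.test(value)) hits.push({ param: name, kind: 'html-tag' });
    else if (ATTRS.test(value)) hits.push({ param: name, kind: 'html-attribute' });
  }
  return hits; // empty array means nothing suspicious was found
}

// Constructed sample modelled on the blocked request in the answer above.
const SAMPLE = 'https://example.invalid/index.php?name=%22%3E%3Cscript%3Ealert(xss);%3C/script%3E';
console.log(findInjection(SAMPLE));
```

A filter like this only sees what travels in the request, so stored XSS (a payload already sitting in the page) is outside its reach, which is the limit the first answer alludes to.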
