I am interested in a working implementation of an XSS filter for Firefox
based on the same techniques described in these links. I do not find any
updates since 2012 about this topic; is this something that is completely
abandoned?
I understand that an XSS filter is not a prioritized feature, but is this
the only reason why there are no updates?
Regards, Andreas
Frederik Braun
Mar 5, 2018, 5:14:21 AM
to dev-se...@lists.mozilla.org, Giorgio Maone
Hi Andreas,
There have been numerous discussions, the latest one in late 2016 and we
had come to the conclusion that it is currently not worth the effort for
Firefox to provide a built-in feature:
An XSS filter cannot protect against stored (aka persistent) XSS or DOM
XSS, which has become more and more prevalent recently.
An XSS filter is prone to security holes if not maintained very
diligently and actively. It is hard to justify security engineering time
on a feature that provides limited value.
Lastly, there is an XSS filter in NoScript that people can use.
If you're interested in implementing an XSS filter, I recommend doing
this as a Web Extension.
Maybe talk to Giorgio Maone (CCd), the NoScript maintainer and see if
there's a shared interest for shipping the NoScript xss-filter as its
own extension.
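
The coverage limit named in the reply above (no protection against stored or DOM XSS), as an added example that is not part of the thread. It assumes a simplified filter that flags a response only when script-like request input is echoed in it; the function names, regex and sample traffic are constructed for illustration and are not NoScript's or any browser's actual logic.

```javascript
// Simplified model of a reflection-matching XSS filter (an assumption for
// illustration; not NoScript's or any browser's actual logic).

// Collect decoded query-string values from the request URL. The fragment
// (#...) is excluded because browsers never send it to the server.
function requestValues(url) {
  const u = new URL(url);
  return [...u.searchParams.values()].filter((v) => v.length > 0);
}

// Flag the response when a request value that looks like script-bearing
// markup appears verbatim in the response body.
function filterFlags(url, responseBody) {
  const suspicious = /<\s*script|on\w+\s*=|javascript:/i;
  return requestValues(url).some(
    (v) => suspicious.test(v) && responseBody.includes(v)
  );
}

// Constructed sample traffic.
const payload = '<script>alert(1)</script>';
const cases = {
  // Reflected: payload travels in the request and is echoed in the response.
  reflected: {
    url: 'https://shop.example/search?q=' + encodeURIComponent(payload),
    body: '<p>Results for ' + payload + '</p>',
  },
  // Stored: payload was saved earlier; this request carries nothing suspicious.
  stored: {
    url: 'https://shop.example/comments?page=2',
    body: '<li>' + payload + '</li>',
  },
  // DOM: payload sits in the fragment; the server response is static and
  // page script later writes location.hash into the document.
  dom: {
    url: 'https://shop.example/help#' + encodeURIComponent(payload),
    body: '<div id="out"></div><script src="/help.js"></script>',
  },
};

// Run the filter over every case and return the verdicts by name.
function runCases() {
  const out = {};
  for (const [name, c] of Object.entries(cases)) out[name] = filterFlags(c.url, c.body);
  return out;
}

console.log(runCases());
```

Only the reflected case is flagged; in the stored and DOM cases the filter has no request input to match against the response, which is why output encoding and Content Security Policy on the site itself remain the primary defenses.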