So, lately people have been running into XSS filtering problems while trying to make comments on Dreamwidth. I know I've had it come up sometimes, although I haven't been able to replicate it just now.
( Exceptions are coming. ) But we have no such advantage at this time.
In the meantime, apparently NoScript does have instructions on how to let certain pages bypass the filter entirely (Options > Advanced > XSS). I think this would do the trick:
^http://www.dreamwidth.org/talkpost_do$
It doesn't have the same origin matching that the LJ exception does though, so that talkpost_do page (and only that page) would accept POST requests from anywhere, not just dreamwidth.org subdomains. What are the possible consequences of telling somebody to add that to their exceptions? I don't want to give out this advice if it could easily lead to bad consequences. I'm pretty sure we're already fairly protected against such exploits, considering most people don't run NoScript and I haven't heard of ones like this lately, but I am no security expert. Thoughts?
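
A way to check which destination URLs the exception above would actually exempt before handing it out. This is an added example, not part of the original post; it assumes the exception is a JavaScript regular expression tested against the full destination URL, and the sample URLs, the escaped variant and the function names are constructed for illustration.

```javascript
// Added example: list the destination URLs an XSS-filter exception regex exempts.
// Assumption: the exception is a JS regex tested against the full destination URL.
const POSTED = "^http://www.dreamwidth.org/talkpost_do$";       // pattern as posted
const ESCAPED = "^http://www\\.dreamwidth\\.org/talkpost_do$";  // same pattern, dots escaped

// The only URL the exception is meant to cover.
const INTENDED = ["http://www.dreamwidth.org/talkpost_do"];

// Constructed sample URLs (not taken from real traffic).
const SAMPLES = [
  "http://www.dreamwidth.org/talkpost_do",
  "http://www.dreamwidth.org/talkpost_do?mode=x",   // query string: blocked by the $ anchor
  "http://example.dreamwidth.org/talkpost_do",      // journal subdomain: not covered
  "https://www.dreamwidth.org/talkpost_do",         // different scheme: not covered
  "http://wwwXdreamwidth.org/talkpost_do",          // different host: an unescaped "." matches "X"
];

// Return the URLs that the exception pattern would exempt from filtering.
function exempted(pattern, urls) {
  const re = new RegExp(pattern);
  return urls.filter((u) => re.test(u));
}

// Compare what a pattern exempts with what it was meant to exempt.
function audit(pattern, intended, urls) {
  const hits = exempted(pattern, urls);
  return {
    pattern,
    exempted: hits,
    unintended: hits.filter((u) => !intended.includes(u)),
    missed: intended.filter((u) => !hits.includes(u)),
  };
}

for (const p of [POSTED, ESCAPED]) {
  console.log(JSON.stringify(audit(p, INTENDED, SAMPLES), null, 2));
}
```

Escaping the dots narrows the exception to the one intended host, but it does nothing about the origin of the request, which is the question the post raises.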