On Wed, Aug 29, 2012 at 9:21 AM, [email protected] <[email protected]> wrote:
> On Wed, Aug 29, 2012 at 09:00:00AM +0100, Peter Cock wrote:
>> On Wednesday, August 29, 2012, wrote:
>> > also Noscript complained about a "potential cross-site
>> > scripting (XSS) attempt from http://biojava.org"...
>>
>> Was that from an open-bio.org URL? It is actually
>> the same server for BioJava.org so I can imagine
>> how an apparent cross-site scripting attempt
>> might happen.
>
> The offending page:
> http://lists.open-bio.org/mailman/options/biojava-l
>
> Details:
> [NoScript XSS] Sanitized suspicious upload to
> [http://lists.open-bio.org/mailman/options/biojava-l] from
> [http://www.biojava.org/mailman/listinfo/biojava-l]: transformed into a
> download-only GET request.
>
> If this is a Noscript bug, give me a hint, I have no idea
> about such things.
>
> ralf

I think it is harmless, notice both these URLs work:

http://www.biojava.org/mailman/options/biojava-l
http://lists.open-bio.org/mailman/options/biojava-l

but they both submit the form to lists.open-bio.org.

So technically the Noscript warning is correct - if you
use the www.biojava.org address it is sending the
information to lists.open-bio.org (both are OBF servers,
although under different domain names).

Similarly you can send to this mailing list as
[email protected] or [email protected]

Peter
_______________________________________________
Biojava-l mailing list - [email protected]
http://lists.open-bio.org/mailman/listinfo/biojava-l
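
Added example, not part of the thread and not Mailman's or NoScript's code: a small audit that lists the forms on a page whose action resolves to a different origin than the page serving them, which is the situation described in the reply above. The HTML is constructed for illustration, and comparing (scheme, host, port) is an assumption about what makes a submission cross-site, not NoScript's actual filter logic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))

class FormCollector(HTMLParser):
    """Collect (method, action) for every <form>, plus the first <base href>."""
    def __init__(self):
        super().__init__()
        self.base = None
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        elif tag == "form":
            method = (a.get("method") or "get").upper()
            self.forms.append((method, a.get("action") or ""))

def cross_origin_forms(page_url, html):
    """Return [(method, target_url)] for forms that submit to another origin."""
    collector = FormCollector()
    collector.feed(html)
    base = urljoin(page_url, collector.base) if collector.base else page_url
    findings = []
    for method, action in collector.forms:
        # An empty action submits to the document's own URL.
        target = urljoin(base, action) if action else page_url
        if origin(target) != origin(page_url):
            findings.append((method, target))
    return findings

# Constructed markup (not the real Mailman page): one absolute action pointing
# at lists.open-bio.org, one relative action that stays on the serving host.
SAMPLE_HTML = """
<form action="http://lists.open-bio.org/mailman/options/biojava-l" method="POST">
  <input name="email"><input type="submit">
</form>
<form action="../listinfo/biojava-l"><input type="submit"></form>
"""

if __name__ == "__main__":
    for host in ("www.biojava.org", "lists.open-bio.org"):
        page = "http://%s/mailman/options/biojava-l" % host
        print(page, "->", cross_origin_forms(page, SAMPLE_HTML))
```

Served from www.biojava.org the first form is reported, while the same markup served from lists.open-bio.org yields no findings, which matches why only one of the two addresses triggers the warning.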
