2
1
I am running NoScript in Firefox and every time I try to use a Runnable Snippet, NoScript asks me whether I want to allow the potential cross site script to execute. I can provide a regular expression to bypass the notification, but I want to make sure that it is as targeted as possible so that actual XSS attacks don't get through (not that Stack Exchange would ever have one of those).
I tried:
^https?://stackexchange\.com/questions/.*$
But I still get the exception. Should I be targeting http://stacksnippets.net
instead?
I also tried:
^https?://stacksnippets\.net.*$
Which works, but is that the most targeted RegEx I can make?
Yeah, I like that a lot better than what I originally had. Didn't even think to consider newer top-level domains. – zero298 – 2015-02-20T15:47:12.873