What is this feature about (expected vs actual behaviour)?
The link URL https://www.geolocation.com is not passing, and neither is https://www.history.com
How can I reproduce it?
Insert a link with one of the URLs above and it will be reported as having XSS.
Does it take minutes, hours or days to fix?
Don't know.
Any additional information?
If the URL has some string from (_never_allowed_js_callback_regex) plus a dot, it will be reported as positive. This detection occurs in lines (1153-1161) of AntiXSS.php.
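
A minimal reproduction of the false positive described in this report, alongside one possible host-aware check for link targets. This is an added example, not code from the issue or from AntiXSS.php: the two-name list, `naive_hit` and `link_hit` are assumptions, and it assumes the value is only ever used as a link href.

```php
<?php
// Added example; not code from AntiXSS.php.
// Assumed stand-in for the callback-name list: only the two names implied by
// the reported URLs ("location", "history").
const CALLBACK_NAMES = ['location', 'history'];

// Check as the report describes it: a listed name followed by a dot, anywhere.
function naive_hit(string $value): bool
{
    $names = implode('|', CALLBACK_NAMES);
    return preg_match('/(?:' . $names . ')\./i', $value) === 1;
}

// Hypothetical narrower check for link targets: for an absolute http(s) URL,
// skip the authority (host) and test only path, query and fragment.
// Anything else (javascript:, relative or unparsable input) is tested whole.
function link_hit(string $value): bool
{
    $parts = parse_url(trim($value));
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        return naive_hit($value);
    }
    $rest = ($parts['path'] ?? '')
        . (isset($parts['query']) ? '?' . $parts['query'] : '')
        . (isset($parts['fragment']) ? '#' . $parts['fragment'] : '');
    return naive_hit($rest);
}

// Constructed sample inputs: the two URLs from the report plus two controls
// that should still be flagged.
$samples = [
    'https://www.geolocation.com',
    'https://www.history.com',
    'https://example.com/?next=location.href',
    'javascript:location.href',
];
foreach ($samples as $s) {
    printf("%-42s naive=%s link=%s\n", $s,
        naive_hit($s) ? 'hit' : 'ok', link_hit($s) ? 'hit' : 'ok');
}
```

A plain word-boundary anchor would clear `geolocation.com` but not `www.history.com`, because there the name directly follows a dot; that is why this sketch exempts the host component instead.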