googleSearchExtraButtons icon indicating copy to clipboard operation
googleSearchExtraButtons copied to clipboard
verified publisher icon spmbt

The script does not have a valid include (match) rules

Open IRainman opened this issue 5 years ago • 6 comments

I have a big problem with this script (same for Yandex Extra buttons). The script broke the other sites. I don't want to publish URL here because currently this is XSS, which allows me to create a order without paying. Currently I work with support of the site so that they fix the vulnerability on their site.

You need to set correct include list for google.com, google.ru etc.

IRainman avatar Jun 04 '20 08:06 IRainman

I cannot get script to work on mine anymore. Can you?

ghost avatar Sep 21 '20 05:09 ghost

It work here.

mikhoul avatar Sep 21 '20 15:09 mikhoul

IRainman: which includes do you think are incorrect? (gstatic are not used and may be removed) Maybe, better way - to deactivate script, when it start in frame?

You need to set correct include list for google.com, google.ru etc.

spmbt avatar Oct 27 '20 15:10 spmbt

I don't sure about frames. The problem is probably in rules with * There will be probably enough includes without * on the end, like this: https://www.google.*/

And * in domain name is needs to be complete local domain from the list. The list is probably exist here https://ipfs.io/ipfs/QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco/wiki/List_of_Google_domains.html in section Localized & regional domains

IRainman avatar Nov 05 '20 15:11 IRainman

IRainman: is there problem with names like www.google.anotherDomain.com?

spmbt avatar Nov 27 '20 20:11 spmbt

@spmbt

This: // @include http*://*.google.*/search?* should work on all google domain, at least it does for me.

Including domains like https://www.google.co.uk/ and others like that.

Regards :octocat:

mikhoul avatar Nov 28 '20 00:11 mikhoul