We run ZAP against Google Firing Range (FR) using a scheduled task and publish the results on https://www.zaproxy.org/docs/scans/firingrange/
This is a tracker issue which covers improving the ZAP results against the 'Escaped XSS' section of FR.
It is important to note that the priority here is to improve the ZAP scan results against real world apps, so any improvements should be generic rather than tailored for FR.
PRs do not have to fix all of the false negatives - a change which just finds one new XSS in that section would be appreciated.
For more information about improving scan rules see https://www.zaproxy.org/docs/contribute/scan-rules/
In this case the relevant scan rule is linked to from each test.
As always all PRs should include full unit tests.
It is possible that some of the FR tests are no longer valid due to browser security improvements. If you believe this to be the case then please let us know and we will do our best to confirm that.
As this is a tracker it will not be assigned to any one individual.
The following failing test cases have been assigned:
The following URLs are confirmed to be unexploitable on modern browsers:
The following URLs are believed to be unexploitable on modern browsers - if you disagree then please get in touch!