11

When I press Run button on JSFiddle, sometimes my NoScript addon will display an XSS warning and the fiddle shows this message instead of my changes:

{"error": "Please use POST request"}

I allowed scripts from all domains that jsfiddle uses. I also created an Anti-XSS Protection Exception, but this didn't help:

^http?://fiddle\.net/

How can I get rid of this issue?

Aprillion
  • 21,510
  • 5
  • 55
  • 89

1 Answers1

11

JSFiddle uses http://fiddle.jshell.net/ server for displaying results (see What makes JSFiddle secure from XSS based attacks?).

So the rule should be like this:

^https?://fiddle\.jshell\.net/_display

Source: http://curiousx.wordpress.com/2011/11/28/jsfiddle-error-please-use-post-request/

Update: FTR, for the embeded stackoverflow code snippets, the rule should be: 
^https?://stacksnippets\.net/js
Community
  • 1
  • 1
Aprillion
  • 21,510
  • 5
  • 55
  • 89