I am interested in a working implementation of a XSS filter for Firefox
based on the same techniques described in these links. I do not find any
updates since 2012 about this topic, is this something that is completely
I understand that an XSS filter is not a prioritized feature, but is this
the only reason why there is no updates?
Re: Status of proposed Firefox XSS filter in bug 528661?
There have been numerous discussions, the latest one in late 2016 and we
had come to the conclusion that it is currently not worth the effort for
Firefox to provide a built-in feature:
An XSS filter can not protect against stored (aka persistent) XSS or DOM
XSS, which has recently become more and more prevalent recently.
An XSS filter is prone to security holes if not maintained very
diligently and actively. It is hard to justify security engineering time
on a feature that provides limited value.
Lastly, there is an XSS filter in NoScript that people can use.
If you're interested in implementing an XSS filter, I recommend doing
this as a Web Extension.
Maybe talk to Giorgio Maone (CCd), the NoScript maintainer and see if
there's a shared interest for shipping the NoScript xss-filter as its