Hi ever since yesterday I have not been able to play unless I disable NoScript altogether in firefox.
I have checked that both facebook and Zynga Poker have full access and no scripts are blocked. If I leave NoScript enabled all I get is the buddy bar loading at the top of the page. This happens even if I enable scripts globally:(
Thanks for and help in advance.
Tan
[RESOLVED] Zynga Poker and NoScript
[RESOLVED] Zynga Poker and NoScript
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
Re: Zynga Poker and NoScript
URL ?
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.9) Gecko/20100317 SeaMonkey/2.0.4
-
centaurius
Re: Zynga Poker and NoScript
The same thing happens to me also since 20t of May also!
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
Peter
Re: Zynga Poker and NoScript
I have the very same problem, and it appeared on the very same day.
Mozilla/5.0 (Windows; U; Windows NT 6.0; sv-SE; rv:1.9.2.3) Gecko/20100401 Ant.com Toolbar 2.0.1 Firefox/3.6.3 ( .NET CLR 3.5.30729)
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Zynga Poker and NoScript
Does the problem persist with 1.9.9.79?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
centaurius
Re: Zynga Poker and NoScript
Yes... just tested it... i've uploaded a screenshot of the XSS warning: http://i50.tinypic.com/syqg6b.jpg After that warning it just blocks practily evertything of that APP. I've tried to add to whitelist in XSS the http://apps.facebook.com with no sucess.Giorgio Maone wrote:Does the problem persist with 1.9.9.79?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Zynga Poker and NoScript
Can I see the [NoScript XSS] lines you should get in Tools|Error Console when it happens?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
centaurius
Re: Zynga Poker and NoScript
Well it gives this warning, and a bunch of unexpected lines, I only posted the NoScript XSS line:Giorgio Maone wrote:Can I see the [NoScript XSS] lines you should get in Tools|Error Console when it happens?
[NoScript XSS] Sanitised suspicious request. Original URL [http://facebook.poker.zynga.com/poker/l ... .php?path=(edited out for OP's privacy)] requested from [http://apps.facebook.com/texas_holdem/i ... ecent&fa=1]. Sanitised URL: [http://facebook.poker.zynga.com/poker/l ... .php?path=(edited out for OP's privacy)#1126653147501698389].
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
centaurius
Re: Zynga Poker and NoScript
Do you recommend any XSS expection code i could write?
^http://apps.facebook.com only doesn't work.
^http://apps.facebook.com only doesn't work.
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Zynga Poker and NoScript
Remove the exception you put there, and replace it with
Code: Select all
^http://facebook\.poker\.zynga\.com/poker/
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
centaurius
Re: Zynga Poker and NoScript
It worked, thanksGiorgio Maone wrote:Remove the exception you put there, and replace it withCode: Select all
^http://facebook\.poker\.zynga\.com/poker/
However this wasn't needed prior to 20th of May. Why is that?
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Zynga Poker and NoScript
A change in Zynga code, most likely.centaurius wrote:However this wasn't needed prior to 20th of May. Why is that?
Notice that they're even nesting a full-featured JavaScript URL (
Code: Select all
inviteURL=javascript:ZY.openInvitePopup()Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Re: Zynga Poker and NoScript
Thank you for your help Giorgio Maone and centaurius. 
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
-
centaurius
Re: Zynga Poker and NoScript
Well the problem returned.... even ysng that code u said to add to excpetion.
This is what appears on error log:
This is what appears on error log:
What exception line should I (we) add now? :>[NoScript XSS] Sanitised suspicious request. Original URL [http://facebook2.poker.zynga.com/poker/ ... 0a1d1f27a1] requested from [http://apps.facebook.com/texas_holdem/i ... ecent&fa=1]. Sanitised URL: [http://facebook2.poker.zynga.com/poker/ ... 6376058146].
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: Zynga Poker and NoScript
Hell, they seem to try hard at triggering XSS warnings (is their real aim making you disable the XSS filter outright)?
However, please change the above into:
However, please change the above into:
Code: Select all
^http://facebook\w*\.poker\.zynga\.com/poker/
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3