by edgracely » Sat Jul 13, 2019 3:08 pm
Until a few months ago, the XSS (Cross-scripting attack) warnings were rare and I could easily just accept the block. Now I get them multiple times a day on a wide variety of normal, safe, web sites.
I don't know when i can safely allow the XSS, so i usually block it.
But it is frustrating how often the warnings occur. Is it possible that NoScript has gotten a bit too sensitive to this? I don't want to turn it off, but is there a way for NoScript to help avoid attacks without warning of every trivial feature that might possibly, rarely, be used as an attack?
Are others finding the same thing?
I *could* always allow or always block -- but that makes me nervous. Always allow could be a problem if one time there is a real attack. Always block can be a problem because occasionally XSS is part of site functionality,
Thoughts?
Ed
Until a few months ago, the XSS (Cross-scripting attack) warnings were rare and I could easily just accept the block. Now I get them multiple times a day on a wide variety of normal, safe, web sites.
I don't know when i can safely allow the XSS, so i usually block it.
But it is frustrating how often the warnings occur. Is it possible that NoScript has gotten a bit too sensitive to this? I don't want to turn it off, but is there a way for NoScript to help avoid attacks without warning of every trivial feature that might possibly, rarely, be used as an attack?
Are others finding the same thing?
I *could* always allow or always block -- but that makes me nervous. Always allow could be a problem if one time there is a real attack. Always block can be a problem because occasionally XSS is part of site functionality,
Thoughts?
Ed