XSS Warning on Background Tab that loads Media


Re: XSS Warning on Background Tab that loads Media

by therube » Sun Jul 28, 2019 4:57 pm

Got multiple here, then tried to reproduce & couldn't.

Other times that I've gotten similar (I simply tend to dismiss) it was often something like sitename & sitenamecdn, which I likened to ClearClick-like behavior. So this one is a bit different in that respect.

Code:

NoScript detected a potential Cross-Site Scripting attack

from https://www.crunchyroll.com to https://www.facebook.com.

Suspicious data:

Error: Exceeded 20000ms timeout,(URL) https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https://staticxx.facebook.com/connect/xd_arbiter.php?version=44#cb=f3280f318562486&domain=www.crunchyroll.com&origin=https%3A%2F%2Fwww.crunchyroll.com%2Ff37a56209ec1534&relation=parent.parent&container_width=300&href=https://www.facebook.com/Crunchyroll&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true

Re: XSS Warning on Background Tab that loads Media

by barbaz » Sun Jul 28, 2019 2:35 am

Could you please post the full content of one of these XSS warnings?

XSS Warning on Background Tab that loads Media

by therube » Sat Jul 27, 2019 5:29 pm

XSS Warning on Background Tab that loads Media

Oh, no idea what I'm talking about, but I think it's something like that.

Error: Exceeded 20000ms timeout

Thinking that on a media page that auto-plays, if you open multiple links in background tabs, then don't interact with them until > 20000ms, well...


Kind of like how in NoScript 5, ClearClick blocks page refresh until focus is returned to the page (if it was elsewhere).
