InformAction Forums

Another example: https://www.vulnerabilitycenter.com/#!vul=55665

EDIT:
Another problem has the same regression-range:
The Web-GUI of SabNZBd 0.7.20 is in a permanent state of showing the loading-icon in the tabbar with 2.9.0.8rc1.
The GUI itself is refreshing every 4 seconds, but the loading ...

As suspected, the XSS-errors and misbehaviors (repeated XSS-unsafe-reload-notification, no entry in the NS-menu) for both the bluekai- and beamdog-issue are the result of a regression.

Last good: 2.9.0.6rc1
First bad: 2.9.0.8rc1

The versions in between either can't be installed in 24ESR or refuse ...

Well, Firefox 24 ESR is quite old
NSS is marked as supporting Firefox 13 and newer, so I don't understand this remark.

, and although several moderators (including myself) like Pale Moon, Giorgio is targeting Firefox. Does the page still work despite the errors?
See my postings above.

Rather ...

I recommend that you completely block bluekai. Have you read the thread linked by barbaz? The fact that you don't see the XSS warnings with it blocked is a good thing.
Maybe, but when it's allowed and the page is reloaded using "Unsafe Reload" after the first time the XSS-warning pops up, shouldn ...

file:///D:/Users/Me%232/AppData/Roaming/Moonchild%20Productions/Pale%20Moon/Profiles/mggdaknq.default/extensions/%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D.xpi!/components/noscriptService.js:1354
You are using Pale Moon (and disguising your user agent). Looks like NoScript has some difficulty with ...

Yes, thanks.

Should I file a ticket over at BMO for not blocking the wrong-typed json with e10s enabled?

Is newer Fx versions showing this message too?
No.

Which made me wonder why NS would block it in older Fx-versions, but not in newer ones.

Reason: e10s.

e10s on - No warning, JSONs loaded.
e10s off - Warning, JSONs blocked.

Should have also tested with the latest release-version, which has ...

Firefox 24
NS 2.9.0.10 (default settings)
http://store.steampowered.com/stats/content/

steampowered.com and steamstatic.com are allowed.

Opening the link (with Flash disabled) causes the the message:
[NoScript] Blocking cross-site Javascript served from http://cdn.akamai.steamstatic.com/steam ...

I get the first error in the opening posting
[NoScript XSS] xss.reason.TypeError: IOUtil.newChannelFromURI is not a function --- ChannelReplacement.prototype._init@chrome://noscript/content/ChannelReplacementLegacy.js:114 ... by visiting http://thefamiliar.beamdog.com/5.0/#!/articles/105651 with ...

I thought I had tested it good enough to rule out a false report, but I guess I was wrong.

It's actually a bug in Firefox (introduced pre-24ESR and solved post-24ESR) and has nothing to do with NSS.

Clicking on the link on http://jsfiddle.net/as03ohoc/39/ doesn't work, but clicking on it on http ...

Firefox 24ESR,
NoScript 2.6.9.22
Default options

http://jsfiddle.net/as03ohoc/39/
Allowed jsfiddle.net, jshell.net, togetherjs.com

Clicking on "open window" should open a new window, but instead NoScript throws this error:
Timestamp: 12.05.2015 10:39:26
Error: NS_ERROR_FAILURE: Component ...

On http://www.mywirecard.com/mastercard.html NS 2.6.8.26 blocks the following:

[NoScript] Blocking cross-site Javascript served from http://jqueryjs.googlecode.com/files/jquery-1.3.2.js with wrong type info text/plain, attachment; filename="jquery-1.3.2.js" and included by http://www.mywirecard ...

Wow, thanks working fine. Much appreciated.

I got a question:
I don't know if this is within the scope of NS, but would it be possible to also show the placeholder when no flash-plugin (or other plugin) is installed?

I'm asking because Firefox's built-in click-to-play-mechanic is interfering with ...

Hello?

When the NS-icon is placed into CTR's addonbar-replacement, the context-menu is the wrong way around, see: http://forums.mozillazine.org/viewtopic ... #p13250747 and the three following replies.