Search found 35 matches

by Elbart
Fri Apr 15, 2016 8:48 am
Forum: NoScript Support
Topic: XSS & Marketwatch site
Replies: 17
Views: 9128

Re: XSS & Marketwatch site

Another example: https://www.vulnerabilitycenter.com/#!vul=55665 EDIT: Another problem has the same regression-range: The Web-GUI of SabNZBd 0.7.20 is in a permanent state of showing the loading-icon in the tabbar with 2.9.0.8rc1. The GUI itself is refreshing every 4 seconds, but the loading animati...
by Elbart
Sun Apr 10, 2016 8:43 pm
Forum: NoScript Support
Topic: XSS & Marketwatch site
Replies: 17
Views: 9128

Re: XSS & Marketwatch site

As suspected, the XSS-errors and misbehaviors (repeated XSS-unsafe-reload-notification, no entry in the NS-menu) for both the bluekai- and beamdog-issue are the result of a regression. Last good: 2.9.0.6rc1 First bad: 2.9.0.8rc1 The versions in between either can't be installed in 24ESR or refuse to...
by Elbart
Fri Apr 08, 2016 11:20 am
Forum: NoScript Support
Topic: XSS & Marketwatch site
Replies: 17
Views: 9128

Re: XSS & Marketwatch site

Well, Firefox 24 ESR is quite old NSS is marked as supporting Firefox 13 and newer, so I don't understand this remark. , and although several moderators (including myself) like Pale Moon, Giorgio is targeting Firefox. Does the page still work despite the errors? See my postings above. Rather than s...
by Elbart
Mon Apr 04, 2016 8:04 am
Forum: NoScript Support
Topic: XSS & Marketwatch site
Replies: 17
Views: 9128

Re: XSS & Marketwatch site

I recommend that you completely block bluekai. Have you read the thread linked by barbaz? The fact that you don't see the XSS warnings with it blocked is a good thing. Maybe, but when it's allowed and the page is reloaded using "Unsafe Reload" after the first time the XSS-warning pops up,...
by Elbart
Sat Apr 02, 2016 6:41 am
Forum: NoScript Support
Topic: XSS & Marketwatch site
Replies: 17
Views: 9128

Re: XSS & Marketwatch site

file:///D:/Users/Me%232/AppData/Roaming/Moonchild%20Productions/Pale%20Moon/Profiles/mggdaknq.default/extensions/%7B73a6fe31-595d-460b-a920-fcc0f8843232%7D.xpi!/components/noscriptService.js:1354 You are using Pale Moon (and disguising your user agent). Looks like NoScript has some difficulty with ...
by Elbart
Wed Mar 30, 2016 1:42 pm
Forum: NoScript Support
Topic: Steam-stats - cross-site JS blocked
Replies: 5
Views: 1410

Re: Steam-stats - cross-site JS blocked

Yes, thanks.

Should I file a ticket over at BMO for not blocking the wrong-typed json with e10s enabled?
by Elbart
Wed Mar 30, 2016 11:38 am
Forum: NoScript Support
Topic: Steam-stats - cross-site JS blocked
Replies: 5
Views: 1410

Re: Steam-stats - cross-site JS blocked

Is newer Fx versions showing this message too? No. Which made me wonder why NS would block it in older Fx-versions, but not in newer ones. Reason: e10s. e10s on - No warning, JSONs loaded. e10s off - Warning, JSONs blocked. Should have also tested with the latest release-version, which has e10s dis...
by Elbart
Tue Mar 29, 2016 5:34 pm
Forum: NoScript Support
Topic: Steam-stats - cross-site JS blocked
Replies: 5
Views: 1410

Steam-stats - cross-site JS blocked

Firefox 24 NS 2.9.0.10 (default settings) http://store.steampowered.com/stats/content/ steampowered.com and steamstatic.com are allowed. Opening the link (with Flash disabled) causes the the message: [NoScript] Blocking cross-site Javascript served from http://cdn.akamai.steamstatic.com/steam/public...
by Elbart
Tue Mar 29, 2016 5:26 pm
Forum: NoScript Support
Topic: XSS & Marketwatch site
Replies: 17
Views: 9128

Re: XSS & Marketwatch site

I get the first error in the opening posting [NoScript XSS] xss.reason.TypeError: IOUtil.newChannelFromURI is not a function --- ChannelReplacement.prototype._init@chrome://noscript/content/ChannelReplacementLegacy.js:114 ... by visiting http://thefamiliar.beamdog.com/5.0/#!/articles/105651 with bea...
by Elbart
Mon May 25, 2015 12:34 pm
Forum: NoScript Development
Topic: [Invalid] Error with window.open and 24ESR
Replies: 2
Views: 730

Re: Error with window.open and 24ESR

I thought I had tested it good enough to rule out a false report, but I guess I was wrong. It's actually a bug in Firefox (introduced pre-24ESR and solved post-24ESR) and has nothing to do with NSS. Clicking on the link on http://jsfiddle.net/as03ohoc/39/ doesn't work, but clicking on it on http://f...
by Elbart
Tue May 12, 2015 8:40 am
Forum: NoScript Development
Topic: [Invalid] Error with window.open and 24ESR
Replies: 2
Views: 730

[Invalid] Error with window.open and 24ESR

Firefox 24ESR, NoScript 2.6.9.22 Default options http://jsfiddle.net/as03ohoc/39/ Allowed jsfiddle.net, jshell.net, togetherjs.com Clicking on "open window" should open a new window, but instead NoScript throws this error: Timestamp: 12.05.2015 10:39:26 Error: NS_ERROR_FAILURE: Component r...
by Elbart
Thu May 29, 2014 3:28 pm
Forum: NoScript Development
Topic: Script blocked even when using "Allow scripts globally"
Replies: 2
Views: 786

Script blocked even when using "Allow scripts globally"

On http://www.mywirecard.com/mastercard.html NS 2.6.8.26 blocks the following: [NoScript] Blocking cross-site Javascript served from http://jqueryjs.googlecode.com/files/jquery-1.3.2.js with wrong type info text/plain, attachment; filename="jquery-1.3.2.js" and included by http://www.mywir...
by Elbart
Fri Feb 28, 2014 3:29 pm
Forum: NoScript Development
Topic: Closing plugin-placeholders shouldn't collapse their area
Replies: 6
Views: 1857

Re: Closing plugin-placeholders shouldn't collapse their are

Wow, thanks working fine. Much appreciated. I got a question: I don't know if this is within the scope of NS, but would it be possible to also show the placeholder when no flash-plugin (or other plugin) is installed? I'm asking because Firefox's built-in click-to-play-mechanic is interfering with th...
by Elbart
Tue Dec 17, 2013 10:41 am
Forum: NoScript Development
Topic: NS + Australis and Classic Theme Restorer
Replies: 1
Views: 787

NS + Australis and Classic Theme Restorer

When the NS-icon is placed into CTR's addonbar-replacement, the context-menu is the wrong way around, see: http://forums.mozillazine.org/viewtopic ... #p13250747 and the three following replies.