Search found 23 matches
- Tue Nov 28, 2017 10:42 pm
- Forum: NoScript Support
- Topic: Keep getting XSS warning when I open my browser
- Replies: 8
- Views: 4987
Re: Keep getting XSS warning when I open my browser
Had a similar issue: https://forums.informaction.com/viewtopic.php?f=7&t=23870 The actual issue is just the website having a broken SEO/metatag for image or description.(respectively using a JS templating system for their SEO information) When Firefox then tries to load this, it tries to load it...
- Tue Nov 28, 2017 10:37 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
BTW the actual bug here is no XSS: It is just a broken request containing the string "{". And because of that string, NoScript categorizes it as XSS.
- Tue Nov 28, 2017 10:36 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
Each modern browser uses JavaScript everywhere. In the DevTools, in the settings page, etc. That's just how you develop things… And as long as these pages are still sandboxed (and not elevated inm contrast to usual pages) that's not really bad. I mean nowadays we even have whole desktop applications...
- Tue Nov 28, 2017 8:36 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
Ah thanks, that screenshot was very useful. And from my point of view, this is really a bug and *not* expected behaviour…
- Tue Nov 28, 2017 7:57 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
Please access about:newtab, press F12, select network inspector. Click on reload there. You'll see where they are loaded from.
And as I cannot reproduce the initial issue right now anyway… so there is no need to discuss that further.
Also we are getting of-topic.
And as I cannot reproduce the initial issue right now anyway… so there is no need to discuss that further.
Also we are getting of-topic.
- Tue Nov 28, 2017 7:24 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
You completely miss the point. (that WebExtension should not be able to access browser-stuff or other add-ons is a technical point, not my opinion, e.g.) But I've found two ways I can express this issue to the Firefox devs, indeed, and one is why EmojiOne was loaded in the first place (because contr...
- Tue Nov 28, 2017 3:28 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
It is closed, because they say it is a bug in NoScript, which I can understand… Hmm, yeah, but it is more surprising that this works at all. Because should not WebExtensions have no access to about:newtab as it is a Firefox-internal site? At least it looks as if they do not have, as all add-ons do n...
- Mon Nov 27, 2017 11:49 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
Okay, reported upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1421095
- Mon Nov 27, 2017 11:21 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Re: Randomly EmojiOne XSS popup appears
It would be strange if they contact EmojiOne… There is not even Emoji displayed.
- Mon Nov 27, 2017 11:19 pm
- Forum: NoScript Support
- Topic: How to allow/whitelist all HTTPS sites in new NoScript?
- Replies: 3
- Views: 1873
Re: How to allow/whitelist all HTTPS sites in new NoScript?
Okay, possibly uMatrix can also do this, but NoScript had this feature – even as an extra checkbox. I mean to implement this it would not even need a whole new feature. They'd just need to accept "https://*" as an input. And that other add-on does not help me. I just want to prevent all ja...
- Mon Nov 27, 2017 9:43 pm
- Forum: NoScript Support
- Topic: Randomly EmojiOne XSS popup appears
- Replies: 16
- Views: 6885
Randomly EmojiOne XSS popup appears
Randomly this popup appears: https://hostux.pics/images/2017/11/27/b6f7eb65af4e52222cb60ddcebf32a5d.png Could it be caused by another WbeExtension? (e.g. my Emoji toolbar) But AFAIK it could not as WebExtensions are separated from each other. But I also could not find out to which page it belongs. S...
- Mon Nov 27, 2017 9:42 pm
- Forum: NoScript Mobile
- Topic: Looks like version 10 is now available for mobile FF 57
- Replies: 18
- Views: 128716
Re: Looks like version 10 is now available for mobile FF 57
(*removed post in wrong topic*)
BTW AFAIK WebExtensions are now compatible with Firefox 57 for Android, so you should be able to install the "official" "NoScript" addon via AMO or so.
BTW AFAIK WebExtensions are now compatible with Firefox 57 for Android, so you should be able to install the "official" "NoScript" addon via AMO or so.
- Mon Nov 27, 2017 8:31 pm
- Forum: NoScript Development
- Topic: 10 Buggy XSS dialog; no way to add full domain to exceptions
- Replies: 4
- Views: 2538
Re: 10 Buggy XSS dialog; no way to add full domain to except
I think that white popup is a problem of Firefox. (I could also reproduce this with another WebExtension) Are you all using Linux? I have reported this at https://bugzilla.mozilla.org/show_bug.cgi?id=1421037. If you are affected by this problem, follow the bug there and/or report your system specs, ...
- Mon Nov 27, 2017 5:13 pm
- Forum: NoScript Support
- Topic: How to allow/whitelist all HTTPS sites in new NoScript?
- Replies: 3
- Views: 1873
- Tue Nov 21, 2017 7:28 pm
- Forum: NoScript Support
- Topic: How to allow/whitelist all HTTPS sites in new NoScript?
- Replies: 3
- Views: 1873
How to allow/whitelist all HTTPS sites in new NoScript?
In the Firefox 57 version of NoScript there seems to be no way of enabling/whitelisting all HTTPS content. In the old version I could either do this by just adding "https://" to the whitelist or (prefered) via a special setting in the advanced options. I tried to enter "https://*"...