Search found 2753 matches: html

Searched query: +html

by luntrus
Mon Mar 23, 2009 3:51 pm
Forum: NoScript General
Topic: XSS exploit not detected by NoScript
Replies: 6
Views: 4661

XSS exploit not detected by NoScript

Hi Giorgio Maone,

The following attack vector: data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=
was not being detected by NoScript when tested here: hxxp://bypass.xssing.com/testing.php?ve ... NjcmlwdD4=

luntrus
by Giorgio Maone
Sun Mar 22, 2009 10:01 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 5204

Re: Blocking of Detecting Private Browsing Mode

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). Not exactly: from the test's standpoint, it's ON because TorButton is doing more or less the same thing as Private Browsing and Safe History (i.e. b...
by mik33mik
Sun Mar 22, 2009 9:53 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 5204

Re: Blocking of Detecting Private Browsing Mode

The result of the test (Jeremiah Grossman) is "Private Browsing mode is ON" either with private browsing ON, or OFF (it's a false positive). You must check Block History Reads during Non-Tor in torbutton preference. You can also test torbutton with this poc: http://ha.ckers.org/weird/CSS-h...
by luntrus
Sun Mar 22, 2009 3:08 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 5204

Re: Blocking of Detecting Private Browsing Mode

Hi bazzargh, As Giorgio Maone mentioned when it is done via JavaScript there is no problem, because NoScript perfectly takes care of that one and similar issues; as a more permanent solution to the visited links issue at hand - Copy the code below as css file at /Users/luntrus/Library/Application Su...
by luntrus
Sat Mar 21, 2009 6:44 pm
Forum: NoScript General
Topic: Blocking of Detecting Private Browsing Mode
Replies: 10
Views: 5204

Blocking of Detecting Private Browsing Mode

Hi Giorgio Maone, Hello I have come to join you here. As you know every modern browser to-day has a so-called "pr0n"-button aboard in order to leave no surfing-traces behind, but websites are now very well able to record who it is that is trying to surf "anonymously". The way thi...
by PeterS
Sat Mar 21, 2009 2:26 pm
Forum: NoScript Support
Topic: Classic Yahoo Mail refreshes continuously
Replies: 12
Views: 5827

Classic Yahoo Mail refreshes continuously

... first line of page source with Noscript enabled, Firefox Javascript also enabled. Page displays but refreshing goes on CONTINUOUSLY. <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html lang="en-US"><head><meta http-equiv="Content-Type" ...
by Tom T.
Sat Mar 21, 2009 7:48 am
Forum: NoScript Development
Topic: "Visit site" option
Replies: 11
Views: 6101

Re: "Visit site" option

Also, if you use the Hosts file from m, you'll be automatically blocked from visiting badscriptingsite.com, which is a pretty good clue not to allow it. But not being in that hosts file is no evidence that the site is safe. Enumerating Badness is "Dumb Idea" #2) . Or maybe I don't know wh...
by Alan Baxter
Sat Mar 21, 2009 7:01 am
Forum: NoScript Development
Topic: "Visit site" option
Replies: 11
Views: 6101

Re: "Visit site" option

Also, if you use the Hosts file from m, you'll be automatically blocked from visiting badscriptingsite.com, which is a pretty good clue not to allow it. But not being in that hosts file is no evidence that the site is safe. Enumerating Badness is "Dumb Idea" #2) . Or maybe I don't know wh...