Localization NS 10

Bug reports and enhancement requests
fatboy
Junior Member
Posts: 47
Joined: Fri Jul 25, 2014 6:56 am

Re: Localization NS 10

Post by fatboy » Thu Mar 14, 2019 10:02 am

v 10.2.2rc3, Fx ESR60
I would like to see how the warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?

v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12

Giorgio Maone
Site Admin
Posts: 8673
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Localization NS 10

Post by Giorgio Maone » Thu Mar 14, 2019 10:00 pm

fatboy wrote:
Thu Mar 14, 2019 10:02 am
v 10.2.2rc3, Fx ESR60
I would like to see how the warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?
In order to see that, you need to (temporarily!) uncheck NoScript Options>Advanced>Scan uploads for potential cross-site attacks and check NoScript Options>Advanced>Ask confirmation for cross-site POST requests which could not be scanned.
Also, you need a POST form which has an action attribute pointing to a different domain, and the latter (forums.informaction.com, in this test page) must be set up to run JavaScript (either TRUSTED or by other, even temporary, means), because this is meant as a fallback XSS mitigation.

The rationale behind these (hopefully temporary) work-around options is this issue
fatboy wrote:
Thu Mar 14, 2019 10:02 am
v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
On the same Options tab, but you need an 8.0.7 build.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

fatboy
Junior Member
Posts: 47
Joined: Fri Jul 25, 2014 6:56 am

Re: Localization NS 10

Post by fatboy » Fri Mar 15, 2019 9:05 am

Thanks a lot!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 SM/2.38 NS/2.9.0.12
