10: XSS popup
Posted: Thu Nov 23, 2017 3:36 am
I have read all the explanations I can find and I still don't understand what XSS is or why it's a threat. But you seem to think it's bad enough to add blockers for it in NoScript, so I leave it enabled.
Previously, NoScript showed a small yellow bar across the top of the site to let me know XSS was blocked. Cool. I don't need to do anything.
But now, there is a giant popup that I have to click on. Why do I have to click on it? It has a whole lot more information on it, but it all looks like gibberish to me, so it's not helpful at all. And when it says, for instance, 'from https://www.cfl.ca to https://www.facebook.com' I don't know what to do. I trust both sites, but XSS is so bad and I don't know what it means so I just say Block.
But there is an option to Allow and an option to Always Allow, but why isn't there an option to Always Block? I don't want to see that popup every time I visit these sites with XSS. And blocking it doesn't seem to affect the site, so I don't care.
And then it's more confusing when it pops up and asks to Sanitize the XSS. What happened to Block? And in Options, there is already a checkmark beside Sanitize XSS, so why is it even asking me? Just do it.
Anyway, that's my latest rant. Happy to see that all of my other complaints/concerns have been addressed and fixed in 10.1.2, so thank you for that! You're doing a great job!
Previously, NoScript showed a small yellow bar across the top of the site to let me know XSS was blocked. Cool. I don't need to do anything.
But now, there is a giant popup that I have to click on. Why do I have to click on it? It has a whole lot more information on it, but it all looks like gibberish to me, so it's not helpful at all. And when it says, for instance, 'from https://www.cfl.ca to https://www.facebook.com' I don't know what to do. I trust both sites, but XSS is so bad and I don't know what it means so I just say Block.
But there is an option to Allow and an option to Always Allow, but why isn't there an option to Always Block? I don't want to see that popup every time I visit these sites with XSS. And blocking it doesn't seem to affect the site, so I don't care.
And then it's more confusing when it pops up and asks to Sanitize the XSS. What happened to Block? And in Options, there is already a checkmark beside Sanitize XSS, so why is it even asking me? Just do it.
Anyway, that's my latest rant. Happy to see that all of my other complaints/concerns have been addressed and fixed in 10.1.2, so thank you for that! You're doing a great job!