Re: Localization NS 10

Posted: Thu Mar 14, 2019 10:02 am
by fatboy
v 10.2.2rc3, Fx ESR60
I would like to see how the warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?

v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"

Re: Localization NS 10

Posted: Thu Mar 14, 2019 10:00 pm
by Giorgio Maone
fatboy wrote:
Thu Mar 14, 2019 10:02 am
v 10.2.2rc3, Fx ESR60
I would like to see how the warning looks:
"This cross-site request could not be scanned for XSS.
It might be innocuous… "
Maybe there is a page like https://noscript.net/%3Cscript%3E ?
In order to see that, you need to (temporarily!) uncheck NoScript Options>Advanced>Scan uploads for potential cross-site attacks and check NoScript Options>Advanced>Ask confirmation for cross-site POST requests which could not be scanned.
Also, you need a POST form which has an action attribute pointing to a different domain, and the latter (forums.informaction.com, in this test page) must be set up to run JavaScript (either TRUSTED or by other, even temporary, means), because this is meant as a fallback XSS mitigation.

The rationale behind these (hopefully temporary) work-around options is this issue
fatboy wrote:
Thu Mar 14, 2019 10:02 am
v 10.2.2rc3, TBB 8.0.6
Where should this text be?
"Override Tor Browser's Security Level preset"
On the same Options tab, but you need an 8.0.7 build.

Re: Localization NS 10

Posted: Fri Mar 15, 2019 9:05 am
by fatboy
Thanks a lot!