Bug reports and enhancement requests
- Master Bug Buster
- Posts: 10013
- Joined: Sat Aug 03, 2013 5:45 pm
This link https://tunein.com/radio/Radio-Schizoid ... o-s298310/
triggers the XSS filter, but it contains no attempted XSS, nor anything that even looks like XSS.
Code: Select all
NoScript detected a potential Cross-Site Scripting attack
from https://forums.informaction.com to https://tunein.com.
It even triggers if I just paste that URL in the address bar.
Temporarily off forum staff at my own request
*Always* check the changelogs BEFORE updating that important software!
- Posts: 7714
- Joined: Thu Mar 19, 2009 4:17 pm
- Location: Maryland USA
(Confirmed [the popup that is].
I'll also note that the site pops up an [almost] frameless [is that the right word?] window, & that window has no NoScript icon, but NoScript can still be reached from a context-menu [or I suppose ? you could block sites from removing window frames].)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:126.96.36.199) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 SeaMonkey/2.53.10