XSS Exceptions

The battleground for flame wars, off-topic derailments and spurious madness.
Fugsta

XSS Exceptions

Post by Fugsta »

Dear Sirs,

I am currently in the process of trying NoScript due to a recommendation online..however I find its effectiveness limited (having to allow a page multiple times often takes longer than it would to run whatever rubbish scripts are there) and it takes A LOT of time to set up.

Now, I've already submitted a double payment once due to it blocking my payment site.. and now I'm unable to make a payment due to NoScript.

All I want to do is add a XSS exception.

Please provide STEP BY STEP instructions for doing so - there is no button on that screen that allows whatever you type to be added to the list. Also - WHY is there no option to add an XSS exception once blocked - just like the rest of it?

This add-in is now seriously more hassle than it's worth and its days are numbered!

Please help me before it gets uninstalled immediately so I can pay my electricity bill!! :P

Thanks in advance...
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:43.0) Gecko/20100101 Firefox/43.0.4 Waterfox/43.0.4
Fugs

Re: XSS Exceptions

Post by Fugs »

On top of this you wouldn't even let me post with the username I just registered....what a load of hassle for nothing!! Currently the WORST add on I've ever had the misfortune of using!!
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:43.0) Gecko/20100101 Firefox/43.0.4 Waterfox/43.0.4
Fugs

Re: XSS Exceptions

Post by Fugs »

Forget it - my electricity company cannot tell if the payment went through so the hassle this has caused will happen for the last time.

NoScript - nice idea but the most appalling implementation of software I've experienced for a LONG TIME.

/uninstall
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:43.0) Gecko/20100101 Firefox/43.0.4 Waterfox/43.0.4
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS Exceptions

Post by barbaz »

Fugsta wrote:All I want to do is add a XSS exception.

Please provide STEP BY STEP instructions for doing so - there is no button on that screen that allows whatever you type to be added to the list. Also - WHY is there no option to add an XSS exception once blocked - just like the rest of it?
I would have answered this if you lost the attitude and hadn't posted the 3rd post, but as it is this is just a rant, binning.
It is unreasonable to expect answers (never mind complete solution) within 10 minutes on a forum, and it is possible to say negative things in a constructive way.
Fugs wrote:On top of this you wouldn't even let me post with the username I just registered....what a load of hassle for nothing!!
Is this you? Fugstar
If so, remember to log in before posting so that you don't need to solve the CAPTCHA every time and that you can use the username you registered. Guest posters cannot use a registered username.

If you want your account deactivated or deleted feel free to log in and let us know from there.
*Always* check the changelogs BEFORE updating that important software!
-
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: XSS Exceptions

Post by Thrawn »

Fugsta wrote: All I want to do is add a XSS exception.
I take it that you were seeing a message from the XSS filter?

There should be more details in the Browser Console (Ctrl+Shift+J) when it occurs. If you had posted those, we might have been able to diagnose better. XSS filter exceptions are configured using regular expressions, which are very powerful but can easily go wrong, so it's best done after consultation.
Fugsta wrote: Please help me before it gets uninstalled immediately so I can pay my electricity bill!! :P

Thanks in advance...
Er...in my timezone, you wrote that just after 4am, and then waited a whole 8 minutes. Sorry, but I don't get paid for this; I'm not on-call. On the bright side, you're not being charged either.

I can recognise that the interference with your electricity bill was probably quite a nuisance, and if you do decide to reinstall and keep pursuing a solution to the problem (why is your electricity provider doing something that looks like an XSS attempt?), then I won't hold your attitude against you.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:43.0) Gecko/20100101 Firefox/43.0
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS Exceptions

Post by barbaz »

Thrawn wrote:if you do decide to reinstall and keep pursuing a solution to the problem (why is your electricity provider doing something that looks like an XSS attempt?), then I won't hold your attitude against you.
And neither would I for that matter. I get that computer problems can be frustrating and things can suck bigtime, I just don't like wasting time dealing with ranting without even so much as looking into the problem before declaring the whole thing an idiotic loss.
*Always* check the changelogs BEFORE updating that important software!
-
Fugstar
Posts: 1
Joined: Tue Feb 02, 2016 6:11 pm

Re: XSS Exceptions

Post by Fugstar »

Thanks and all - but frustrated I indeed was.

I appreciate the feedback..if you notice I did actually say you should be able to add this exception like the rest, plus there was no easy button to add it manually - in my opinion that is constructive criticism - which is what I think you were trying to take me to task about stating negative things in a constructive way?

Plus you state I didn't look into the problem - why would I be looking at adding my own manual XSS exception if that wasn't the case?? Rhetorical question - joining a forum to post a question for the answer to a problem which should have been experienced and resolved before is always my LAST resort.

The fact I was not happy at the time - in reality if you consider the issue caused and possible financial implications therein - for me is totally understandable.

It was a really daft position to be left in - having to call my utility company and then my bank to confirm transactions because of this.

You already have standard exceptions on install for search engines and other sites - why do these not exist for XSS, (or any other used protocol for that matter!) for every official payment site that's known?

All three of the above solutions would have either circumvented the issue or made it vastly easier to rectify.

It even states on the description "...no loss of functionality..."

Anyway...I'm not getting paid for this either..so I'll leave it there. I've left this uninstalled..if you'd like to cancel my forum access please do so.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:43.0) Gecko/20100101 Firefox/43.0.4 Waterfox/43.0.4
barbaz
Senior Member
Posts: 10847
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS Exceptions

Post by barbaz »

Well you can add XSS exception by checking the [NoScript XSS] message(s) in the Browser Console (Ctrl-Shift-J) and then check the sticky for how to create exception using that info. If you don't know regex, this tutorial might help you.
Fugstar wrote:You already have standard exceptions on install for search engines and other sites - why do these not exist for XSS, (or any other used protocol for that matter!) for every official payment site that's known?
If you can provide some URLs then maybe Giorgio can look into whether it's reasonable to add default exception. Or if it's not reasonable, then maybe we can start a thread containing list of needed XSS exceptions for payment sites.

It has also been recommended to use a separate profile, which has things like XSS filter completely disabled (or even without NoScript installed at all), which you use for nothing except making the payments for a specific site; creating a new profile for every different site (to minimize what could be compromised at a time should something go wrong).
Fugstar wrote:if you'd like to cancel my forum access please do so.
Actually we wouldn't like that at all, we only like doing that for spammers.
*Always* check the changelogs BEFORE updating that important software!
-
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: XSS Exceptions

Post by Thrawn »

Fugstar wrote:there was no easy button to add it manually
Well, in my experience, it's easy to get XSS filter exceptions wrong, and it's *very* easy to get regular expressions wrong, and when you define XSS exceptions using regular expressions...I would keep it firmly in the 'Advanced' section.
Fugstar wrote: You already have standard exceptions on install for search engines and other sites - why do these not exist for XSS, (or any other used protocol for that matter!) for every official payment site that's known?
Because official payment sites should not behave in a way that trips the XSS filter!

It means that they are sending very suspicious-looking requests to themselves, and they might even be vulnerable to real XSS attacks.
Fugstar wrote: It even states on the description "...no loss of functionality..."
Yes, that more specifically relates to the script-blocking angle. If that couldn't be made to work just by allowing sites, it would be a bug.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
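An added example, not part of any post in this thread, showing why a regular-expression XSS exception is easy to get wrong: it audits a candidate pattern against URLs it must cover and URLs it must leave protected. It assumes an exception is a JavaScript regular expression tested against the destination URL; the host names, paths and the `auditException` helper are constructed for illustration.

```javascript
// Constructed sample URLs. example-utility.test is a placeholder host,
// not the payment site discussed in the thread.
const mustMatch = [
  "https://pay.example-utility.test/checkout/confirm?ref=123",
];
const mustNotMatch = [
  // Same host, but a page that has no reason to be exempt.
  "https://pay.example-utility.test/account/profile?name=x",
  // Look-alike host that merely starts with the trusted name.
  "https://pay.example-utility.test.attacker.test/checkout/confirm",
  // An unescaped "." in the pattern matches any character.
  "https://payXexample-utility.test/checkout/confirm",
  // Trusted URL embedded in another site's query string.
  "https://other.test/?next=https://pay.example-utility.test/checkout/confirm",
];

// Hypothetical helper: reports which required URLs the pattern misses
// and which URLs it exempts although they should stay filtered.
function auditException(source) {
  const re = new RegExp(source);
  return {
    missed: mustMatch.filter((u) => !re.test(u)),
    overMatched: mustNotMatch.filter((u) => re.test(u)),
  };
}

// What one might type first: unanchored, dots unescaped.
const loose = "pay.example-utility.test";

// Anchored at the scheme, dots escaped, limited to the one endpoint
// that tripped the filter.
const tight =
  "^https://pay\\.example-utility\\.test/checkout/confirm(?:\\?|$)";

for (const [name, pattern] of [["loose", loose], ["tight", tight]]) {
  const { missed, overMatched } = auditException(pattern);
  console.log(`${name}: missed=${missed.length} overMatched=${overMatched.length}`);
  overMatched.forEach((u) => console.log(`  also exempts: ${u}`));
}
```

Both patterns cover the intended endpoint, but the loose one also switches off filtering for all four URLs that should remain protected.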