NoScript causing hang on lloydstsb UK Bank?

Ask for help about NoScript, no registration needed to post
leamphil

Re: NoScript causing hang on lloydstsb UK Bank?

Post by leamphil »

Not sure if I did it correctly but it did not work.

In the list of Anti-XSS Exceptions below the two check boxes (back on) I added ^@https://www.halifax-online.co.uk/
where www.halifax-online.co.uk is the website I'm logging on to.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
leamphil

Re: NoScript causing hang on lloydstsb UK Bank?

Post by leamphil »

It worked when I used the correct web adddress secure.halifax-online.co.uk rather than the gateway www.halifax-online.co.uk

Problem solved, or at least bypassed.

Thanks very much for your assistance.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

You're welcome. Image

I'd say solved for you.
*Always* check the changelogs BEFORE updating that important software!
-
bgiles
Posts: 3
Joined: Sun Oct 04, 2015 6:29 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by bgiles »

leamphil wrote:It worked when I used the correct web adddress secure.halifax-online.co.uk rather than the gateway www.halifax-online.co.uk

Problem solved, or at least bypassed.

Thanks very much for your assistance.
I think this is a similar result to what I've seen, and then reported on 9th October, but nobody else who uses Lloyds Bank has confirmed.
I'm still using this arrangement, which works for me.
Allowing anything else from lloydsbank.co.uk causes a hang.
bgiles wrote:Does the following not work for other Lloyds Bank customers using NoScript?

Allow: secure.lloydsbank.co.uk (i.e. added to whitelist)
Remove all other entries containing lloydsbank.co.uk from whitelist.

I've been using this arrangement for a few days now, loads normally, and without any apparent side effects.
Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0
mikew
Posts: 1
Joined: Mon Nov 23, 2015 11:05 am

Re: NoScript causing hang on lloydstsb UK Bank?

Post by mikew »

I'm also having this problem on tsb.co.uk which used to be owned by Lloyds. Its relatievly new. Wasn't there a few feeks ago. The problem is somewhat similar to the nwolb problem in that it hangs a while and then tries to lownload an empty file with a filename that looks like java script. After clicking save it works for a while until you click on another link and then it hangs again. I haven't found any of the workarounds that work yet.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
ordinary-user-55
Posts: 1
Joined: Mon Nov 23, 2015 4:32 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by ordinary-user-55 »

I'm having the same problem, it freezes the whole browser for about 30secs when I go into my Lloyds account.
Unusable.

Another thing I dislike is when doing an online payment to some vendor, I get a warning about a cross-scripting attempt when it goes to Lloyds Clicksafe.
This is accompanied by a pop-up window containing a lot of tabs and jargon which would take me the rest of the day to decipher.
Can't it just have "allow" or "deny" buttons for this window for non-geeks like me?

I'm now experimenting with a separate "banking" installation of Firefox with no add-ons at all, except Whitelist Ninja.
It's VERY fast, and looking promising.
Mozilla/5.0 (Windows NT 5.1; rv:42.0) Gecko/20100101 Firefox/42.0
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Thrawn »

It sounds like Lloyds' website has some significant security weaknesses. Using a separate banking-only profile is probably a good choice.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
myhos
Posts: 5
Joined: Wed Nov 25, 2015 3:48 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by myhos »

Hi,

In France, I have this same problem a few days ago with the website of Société Générale.

I followed the Barbaz setpoint (Sun 15 November, 2015). In the list of exceptions protection Anti-XSS, I added the following line:
^@ https: //particuliers.societegenerale.fr/.
My Whitelist contains the address https://particuliers.societegenerale.fr/.

Access to Société Générale site now seems to work well. Are my options correct? Are there any security risks?

Thank you for any information. Best regards.
Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

myhos wrote:^@ https: //particuliers.societegenerale.fr/.
I'm surprised it works with the whitespace in there... also you should use "\." instead of just "." because in regex the unescaped . character matches any character.
myhos wrote:Are there any security risks?
It depends if the XSS filter is actually taking action. Please temporarily remove that exception and check the Browser Console (Ctrl-Shift-J) when this issue happens and look for InjectionChecker or NoScript XSS messages.

If there are any, then I strongly recommend to remove that exception because a website messing with window.name in a way that trips the XSS filter poses both a security risk and a privacy risk (any site you visit can read the contents of window.name regardless of what set it). Well, at least the other bank sites mentioned in this thread were messing with window.name, I am assuming it'd be the same for yours if this case applies to you.

If there are no such messages, leave the exception because it's probably the best answer in that case.

Please let us know, thanks.
*Always* check the changelogs BEFORE updating that important software!
-
myhos
Posts: 5
Joined: Wed Nov 25, 2015 3:48 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by myhos »

Hi Bazbaz,
First of all thank you for your quick response.

My mistake in copying address! There is no space in the URL ... Sorry!

I did the test suggested after deleting the exception. At first, the Web page is frozen (in French "Firefox ne répond pas"). Unable to activate the console. Then I regained access to the page and display the console.

Several messages appear actually:
[NoScript InjectionChecker] Injection JavaScript in .....
and
[NoScript XSS] sanitized window.name, .....

How normally access my bank website without temporarily disable NoScript?

Also sorry for my bad english ...
Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0
User avatar
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia
Contact:

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Thrawn »

It may be best to create a second profile and use that exclusively for your bank.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:42.0) Gecko/20100101 Firefox/42.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

@myhos: Votre anglais n'est pas mal.
Pouvez-vous trouver ce qu'est la scripte qui fait ça et le bloquer avec ABE?
(Certaines personnes peuvent bloquer domain entière par le marquer comme Untrusted.)
*Always* check the changelogs BEFORE updating that important software!
-
myhos
Posts: 5
Joined: Wed Nov 25, 2015 3:48 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by myhos »

Hello Barbaz and Thrawn,

Thank you for your answers. I study your proposals and try. I would inform you of the following.

@ Thrawn:
Is creating a new profile dedicated exclusively to relationships with my bank requires specific settings NoScript ?

@ Barbaz:
Thank you for your nice answer in French !

I performed HttpFox on the home page of Société Générale. I can not find a script that causes blocking (but perhaps I did not recognize ...).
Page freeze about 4 or 5 minutes, 2 windows are displayed, offering downloading two empty files.

Then, the site works correctly.
Best Regards.
Mozilla/5.0 (Windows NT 6.1; rv:42.0) Gecko/20100101 Firefox/42.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

myhos wrote:@ Barbaz:
Thank you for your nice answer in French !
de rien :)
myhos wrote:I performed HttpFox on the home page of Société Générale. I can not find a script that causes blocking (but perhaps I did not recognize ...).
En général c'est essai et erreur. Bloquer les scriptes un à un et voyez si 1) le site marche 2) le blocage a disparu.

(English, for those who can't read French)
In general it's trial and error. Block the scripts one by one and see if 1) the site works 2) the hanging is gone.
*Always* check the changelogs BEFORE updating that important software!
-
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz »

myhos wrote:Is creating a new profile dedicated exclusively to relationships with my bank requires specific settings NoScript ?
Si vous faites ça vous pouvez choisir soit utiliser NoScript avec l'éxception XSS ou n'installer pas NoScript. Vous n'auriez pas visiter des autres sites dans ce profile, ainsi XSS à window.name n'est pas tout à fait si mal pour vous...
*Always* check the changelogs BEFORE updating that important software!
-
Post Reply