NoScript causing hang on lloydstsb UK Bank?

Ask for help about NoScript, no registration needed to post
barbaz
Senior Member
Posts: 9263
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz » Wed Oct 14, 2015 10:55 pm

Have you all tried the latest development build of NoScript? Did it work?
*Always* check the changelogs BEFORE updating that important software!
-

White Rabbit

Re: NoScript causing hang on lloydstsb UK Bank?

Post by White Rabbit » Thu Oct 15, 2015 8:24 am

Have just tested development build v 2.6.9.39rc1 on the Co-operative Bank (link given two posts above). Behaviour is the same as described before (Firefox hanging for 15 to 20 secs, followed by being kicked out to bank's error page). Let me know if I can help by running any diagnostics. I'll need a walk-through on what to do if so.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0

White Rabbit

Re: NoScript causing hang on lloydstsb UK Bank?

Post by White Rabbit » Thu Oct 15, 2015 10:11 am

Here's what is happening during the hang (using v2.6.9.38):

Code: Select all

GET https://personal.co-operativebank.co.uk/CBIBSWeb/start.do [HTTP/1.1 200 OK 765ms]
GET https://personal.co-operativebank.co.uk/DigitalLegacyPIBSImages_clus1/theme/Master.css [HTTP/1.1 304 Not Modified 79ms]
GET https://personal.co-operativebank.co.uk/DigitalLegacyPIBSImages_clus1/js/visitor.js [HTTP/1.1 304 Not Modified 188ms]
GET https://tags.tiqcdn.com/utag/coopbank-uk/coop-ib/prod/utag.sync.js [HTTP/1.1 304 Not Modified 218ms]
GET https://personal.co-operativebank.co.uk/DigitalLegacyPIBSImages_clus1/js/adobeAudit.js [HTTP/1.1 304 Not Modified 141ms]
GET XHR https://purple.co-operativebank.co.uk/cbibsimgs/u8Gr.js [HTTP/1.1 200 OK 375ms]
GET https://yellow.co-operativebank.co.uk/89318/Ew2.js [HTTP/1.1 200 OK 313ms]
GET https://yellow.co-operativebank.co.uk/89318/iA4.js [HTTP/1.1 200 OK 312ms]
GET https://yellow.co-operativebank.co.uk/89318/R6V.js [HTTP/1.1 200 OK 265ms]
GET https://indigo.co-operativebank.co.uk/cbibsimg/gt0M.js [HTTP/1.1 200 OK 266ms]
GET https://tags.tiqcdn.com/utag/coopbank-uk/coop-ib/prod/utag.js [HTTP/1.1 304 Not Modified 47ms]
GET https://personal.co-operativebank.co.uk/DigitalLegacyPIBSImages_clus1/images/back_to_the_coopertive_bank_homepage.gif [HTTP/1.1 304 Not Modified 78ms]
GET https://personal.co-operativebank.co.uk/DigitalLegacyPIBSImages_clus1/images/nextbutton.gif [HTTP/1.1 304 Not Modified 94ms]
GET https://personal.co-operativebank.co.uk/DigitalLegacyPIBSImages_clus1/images/logo.png [HTTP/1.1 304 Not Modified 94ms]
GET https://purple.co-operativebank.co.uk/cbibsimgs/vO2 [HTTP/1.1 200 Ok 63ms]
GET https://yellow.co-operativebank.co.uk/89318/vO2 [HTTP/1.1 200 Ok 62ms]
GET https://indigo.co-operativebank.co.uk/cbibsimg/vO2 [HTTP/1.1 200 Ok 93ms]
GET https://purple.co-operativebank.co.uk/cbibsimgs/nhRo.html [HTTP/1.1 200 OK 62ms]
GET https://yellow.co-operativebank.co.uk/89318/dEJk.html [HTTP/1.1 200 OK 79ms]
GET https://yellow.co-operativebank.co.uk/89318/Xm2H.html/redirtestecash.banking.postbank.de/swbankonline.btbanking.com/onlineserv/CM//.ibps..banquepopulaire.fr/-www.schwab.com/secure.accurint.com/unfcu2.org//login1/wachovia.com/MyAccounts.aspx/investing.schwab.com/secure/schwab//https://snsbank.nl/mijnsns/secure/login/httpsabph.pl/pi/do/Authorization/alfabank.ru/swedbank/pf.bgz.pl// [HTTP/1.1 200 OK 78ms]
GET https://indigo.co-operativebank.co.uk/cbibsimg/nhRo.html [HTTP/1.1 200 OK 94ms]
POST XHR https://purple.co-operativebank.co.uk/cbibsimgs/vO2 [HTTP/1.1 200 Ok 485ms]
POST XHR https://indigo.co-operativebank.co.uk/cbibsimg/vO2 [HTTP/1.1 200 Ok 844ms]
GET XHR https://yellow.co-operativebank.co.uk/go.ashx/www.hsbc.co.uk/1/2/royalbank.commijn.ing.nl/internetbankieren/SesamLoginServlet/banking.sparkasse.de/portal/portal/startseitep=plloydsbank [HTTP/1.1 200 Ok 484ms]
GET XHR https://yellow.co-operativebank.co.uk/personal/a/ [HTTP/1.1 200 Ok 531ms]
GET XHR https://yellow.co-operativebank.co.uk/mpz/overschrijvenbetalen.do.pekao24.plmultibank.pl/www.abnamro.nlunicreditoi.bankia.es/es/hsbc.touchclarity.compofssavecredit.co.uk/POFS-NPS/do/login [HTTP/1.1 200 Ok 1109ms]
GET https://personal.co-operativebank.co.uk/CBIBSImages/images/spacer.gif#1444903114 [HTTP/1.1 200 OK 0ms]
GET https://yellow.co-operativebank.co.uk/89318/vO2 [HTTP/1.1 200 Ok 109ms]
GET https://personal.co-operativebank.co.uk/CBIBSImages/images/spacer.gif#1444903115 [HTTP/1.1 200 OK 0ms]
GET https://personal.co-operativebank.co.uk/CBIBSImages/images/spacer.gif#0.03353972721286003 [HTTP/1.1 200 OK 0ms]
GET https://yellow.co-operativebank.co.uk/89318/hcm/epk [HTTP/1.1 200 Ok 63ms]
POST XHR https://yellow.co-operativebank.co.uk/89318/vO2 [HTTP/1.1 200 Ok 688ms]
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0

User avatar
therube
Ambassador
Posts: 7456
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: NoScript causing hang on lloydstsb UK Bank?

Post by therube » Thu Oct 15, 2015 5:39 pm

(When I looked yesterday, it was either the yellow. or indigo. [don't recall] {or was it purple.} domain that was causing the hang for me.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:41.0) Gecko/20100101 SeaMonkey/2.38

Guest

Re: NoScript causing hang on lloydstsb UK Bank?

Post by Guest » Sat Oct 17, 2015 9:49 am

I'm also having the same problem with the co-op website. Running firefox 41.0.2 (win 7 64bit) and No Script 2.6.9.38. Did the usual stuff and of clearing cache, disabling anti-virus and addons and found the no script was culprit. If no script is loaded as an add on (even with allow scripts globally) it hangs on load of the peronsal co-op login page; the bottom bar suggests that [color].co-operative.co.uk is where the problem is occuring. This has been happening for about a week for me. :( Not tried the rc version of no script yet.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0

User avatar
lakrsrool
Senior Member
Posts: 195
Joined: Wed Nov 12, 2014 4:20 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by lakrsrool » Mon Oct 19, 2015 8:08 am

Just thought I'd post the topic SOLVED - Problems using No Script with Bank of America site starting on page 2 where I used the "NoRedirect" add-on (temporarily just for testing purposes, together with the Avast activity log at some point) along with the invaluable assistance I got from this forum to help me with determining what I needed to do to resolve my "HANG" issues with a couple of banks. The redirect sites will be different of course but the method to resolve the problem might be helpful.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.7) Gecko/20150929 Firefox/31.9 PaleMoon/25.7.2

leamphil

Re: NoScript causing hang on lloydstsb UK Bank?

Post by leamphil » Sun Nov 15, 2015 3:04 pm

Guest wrote:I'm also having the same problem with the co-op website. Running firefox 41.0.2 (win 7 64bit) and No Script 2.6.9.38. Did the usual stuff and of clearing cache, disabling anti-virus and addons and found the no script was culprit. If no script is loaded as an add on (even with allow scripts globally) it hangs on load of the peronsal co-op login page; the bottom bar suggests that [color].co-operative.co.uk is where the problem is occuring. This has been happening for about a week for me. :( Not tried the rc version of no script yet.

I have just started having this problem with the Halifax web site - as above, did the usual stuff and found noscript to be the key item. Having it loaded even with allow scripts globally means that the Halifax website hangs when almost logged on. Firefox 42.0 (win 7 64 bit) and Noscript 2.6.9.39.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0

barbaz
Senior Member
Posts: 9263
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz » Sun Nov 15, 2015 3:11 pm

Is the XSS filter actually doing anything in your case?
Please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)
*Always* check the changelogs BEFORE updating that important software!
-

leamphil

Re: NoScript causing hang on lloydstsb UK Bank?

Post by leamphil » Sun Nov 15, 2015 3:52 pm

Firefox locks out completely when I've (almost) got into the Halifax banking site, so cannot do CTRL-SHIFT-J.
It seems to be trying to load/run the online tour.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0

barbaz
Senior Member
Posts: 9263
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz » Sun Nov 15, 2015 3:56 pm

Can you ctrl-shift-j before it locks up, do messages appear?
Can you find the offending script(s) with a tool like HTTPFox and then block it with ABE? Does the site still work?
*Always* check the changelogs BEFORE updating that important software!
-

leamphil

Re: NoScript causing hang on lloydstsb UK Bank?

Post by leamphil » Sun Nov 15, 2015 4:16 pm

I tried opening the console window first and then logging in - no messages appeared on the console between entering my security info and the lockup.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0

leamphil

Re: NoScript causing hang on lloydstsb UK Bank?

Post by leamphil » Sun Nov 15, 2015 4:24 pm

Tried HttpFox - could see http traffic but then the separate window locked up when the website locks Firefox.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0

barbaz
Senior Member
Posts: 9263
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz » Sun Nov 15, 2015 5:14 pm

Let's check if it's really the XSS filter causing the hang.
As a test: NoScript Options > Advanced > XSS, un-check both checkboxes. Does that stop the hang?
If so, we need to come up with a specific exception as browsing with that setting is dangerous. Once the exception is in place, can check the Browser Console (Ctrl-Shift-J) again for injectionchecker related messages from NoScript. If there aren't any, you're done. If so, please post them here so we can look at them and assess whether this is false positive or not.

(Well, I think those messages will come up even if is an XSS exception...)
*Always* check the changelogs BEFORE updating that important software!
-

leamphil

Re: NoScript causing hang on lloydstsb UK Bank?

Post by leamphil » Sun Nov 15, 2015 5:28 pm

Unchecking the two XSS boxes allows the site to work. Messages on console while logging on were;
unreachable code after return statement ress-min150925.js:111:1637
Couldn't load webtrends config, click events will have limited data ress-min150925.js:113:1883
downloadable font: gasp: changed the version number to 1 (font-family: "agendaBold" style:normal weight:normal stretch:normal src index:1) source: https://secure.halifax-online.co.uk/per ... aBold.woff styles-blessed1.css:278:12
downloadable font: gasp: changed the version number to 1 (font-family: "agendaMedium" style:normal weight:normal stretch:normal src index:1) source: https://secure.halifax-online.co.uk/per ... edium.woff
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0

barbaz
Senior Member
Posts: 9263
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript causing hang on lloydstsb UK Bank?

Post by barbaz » Sun Nov 15, 2015 5:34 pm

It appears your bank is not doing anything the XSS filter finds objectionable, probably it's just doing a lot of tampering with window.name but in a "safe" way (as much as there even is such a thing ;) ).

So, re-enable the XSS filter, and try adding this exception

Code: Select all

^@https://<your_bank_domain>/

replacing <your_bank_domain> with your actual bank site's domain. If your bank has multiple domains, use this format

Code: Select all

^@https://(?:<your_bank_domain_1>|<your_bank_domain_2>|<your_bank_domain_3>)/


(The important thing is the "@", to make sure request origin is matched instead of destination. See the sticky on XSS exceptions for more information if you care.)

Please let us know how it goes, thanks.
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply