XSS block/allow pop up

Ask for help about NoScript, no registration needed to post
ventuz

XSS block/allow pop up

Post by ventuz » Tue Nov 21, 2017 8:58 pm

With the new Firefox 57 update, I'm getting TON of annoying XSS block/allow pop up. Can't I turn off the pop up?

The FAQ said there is way to turn off, but I don't see the option. All I see in option is:

1. [unchecked] Scripts Globally Allowed (dangerous)
2. [checked]Sanitize cross-site suspicious requests -- both check and uncheck doesn't do anything to popup
3. [unchecked] debug

Image
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Please Keep Private

Re: XSS block/allow pop up

Post by Please Keep Private » Tue Nov 21, 2017 9:29 pm

Thanks for all the the good work on NoScript 10 for firefox quantum.

Would it be too much to request a "always block" option in addition to "always allow" so it stops asking over and over?

Thanks.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

wassz

Re: XSS block/allow pop up

Post by wassz » Tue Nov 21, 2017 11:36 pm

Seconded, or some real way to turn off XSS notifications, the new options page seems to be very minimal and none of the options (even allow scripts globally) seems to stop the XSS prvevntion popups
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

NoCaker
Posts: 2
Joined: Fri Apr 15, 2016 12:20 pm

Re: XSS block/allow pop up

Post by NoCaker » Wed Nov 22, 2017 2:16 am

Having the same issue, and it's driving me nuts!
Previous NoScript silently blocked them in the background, which is exactly what I want.

Here I get spammed with 10s of pop-ups on certain sites when browsing.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0

grizzler
Posts: 10
Joined: Mon Oct 16, 2017 9:06 am

Re: XSS block/allow pop up

Post by grizzler » Wed Nov 22, 2017 7:09 pm

The popup is completely blank on my system, so there isn't even a way to indicate what I want done.

This add-on is now officially junk in my book. I temporarily switch it off in the add-on manager whenever it does something that bothers me, but I'm not going to keep doing that forever...

I'm even moving to Pale Moon from time to time... :(
Mozilla/5.0 (X11; Linux x86_64; rv:52.9) Gecko/20100101 Goanna/3.4 Firefox/52.9 PaleMoon/27.6.1

barbaz
Senior Member
Posts: 9721
Joined: Sat Aug 03, 2013 5:45 pm

Re: XSS block/allow pop up

Post by barbaz » Wed Nov 22, 2017 7:32 pm

grizzler wrote:This add-on is now officially junk in my book.
Your frustration is understandable, and NoScript 10 may be unusable for you atm, but let's keep the comments at a reasonable level. NoScript 10 is still in very early stages and needs a lot of work.

If you prefer to use Pale Moon with NoScript Classic for the time being, feel free, NoScript Classic will be supported until June 2018.
*Always* check the changelogs BEFORE updating that important software!
-

Guest

Re: XSS block/allow pop up

Post by Guest » Thu Nov 23, 2017 4:23 am

grizzler wrote:The popup is completely blank on my system, so there isn't even a way to indicate what I want done.
I'm getting the same behaviour, but I've found that resizing the popup box forces a redraw and fixes it, so it is merely annoying now.

I'm using Debian GNU/Linux "Sid" version.

Also, a hearty me-too for an always block option.
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

MisanthropicScott

Re: XSS block/allow pop up

Post by MisanthropicScott » Wed Nov 29, 2017 5:11 pm

I'd like this option as well. In fact, one of the very common XSS requests from a great number of sites is for FaceBook. It might even be good to add an option to block all XSS requests to a particular site, like FaceBook, regardless of the source site.

I'd also like to echo the point about the new options for enabling and disabling scripts being far more confusing than the old 3 valued choice of allow, block, or temporarily allow. I finally found the option for temporary. It was far from obvious. But, many of the other choices are very confusing to non-web developers. I was a middleware developer for most of the 23 years of my career, so am at least mildly geeky (even if not in the field of web development) and find these options difficult to understand.
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:57.0) Gecko/20100101 Firefox/57.0

kevinoid
Posts: 6
Joined: Sat Dec 02, 2017 4:11 am
Contact:

Re: XSS block/allow pop up

Post by kevinoid » Sat Dec 02, 2017 5:51 am

Guest wrote:
grizzler wrote:The popup is completely blank on my system, so there isn't even a way to indicate what I want done.
I'm getting the same behaviour, but I've found that resizing the popup box forces a redraw and fixes it, so it is merely annoying now.

I'm using Debian GNU/Linux "Sid" version.
I'm seeing the same behavior on Debian, both with the firefox 57.0.1-1 package and with Firefox 57.0.1, 58.0b8, and 59.0a1 nightly downloaded from mozilla.org today. For me it's completely reproducible: I can create a fresh profile, install NoScript, then search for "!sp test" on DuckDuckGo and I get a blank NoScript XSS Warning window every time. Resizing the window makes the content become visible.

Is anyone seeing this behavior on non-Debian systems? Is this likely a NoScript bug or a Firefox bug? Any suggestions for how to further test/isolate the issue would be appreciated.
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

aussiebill
Posts: 5
Joined: Sun Nov 19, 2017 12:46 am

Re: XSS block/allow pop up

Post by aussiebill » Sat Dec 02, 2017 7:47 am

I am getting the same issue too.

But it seems to be saving scripts in the background as they always popup after opening FF after closing it down after getting the Xscript error.

I suppose we are getting these "Teething Issues" ,annoying but at least you know its working.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

User avatar
Just_Golem
Junior Member
Posts: 25
Joined: Tue Nov 28, 2017 11:04 am

Re: XSS block/allow pop up

Post by Just_Golem » Sat Dec 02, 2017 10:30 am

To all Linux users getting the Blank XSS box

Use this workaround to get text field back until this gets solved

Just resize the Blank Window, even by just 1 pixel either way. Text will become visible including Options and Check boxes

https://twitter.com/Just_Golem/status/9 ... 5763637251
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Mr.XSS

Re: XSS block/allow pop up

Post by Mr.XSS » Sat Dec 02, 2017 10:40 am

Much better with the latest 10.1.5.1 now. The dialog now has a "Always block cross-site requests from site X to Y" checkbox - and it seems to do the trick. It's possible to visit sites like imdb.com again, without tons of repeating popups.
Thanks! :)
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

kevinoid
Posts: 6
Joined: Sat Dec 02, 2017 4:11 am
Contact:

Re: XSS block/allow pop up

Post by kevinoid » Sun Dec 03, 2017 3:38 am

kevinoid wrote:
grizzler wrote:The popup is completely blank on my system, so there isn't even a way to indicate what I want done.
I'm seeing the same behavior on Debian, both with the firefox 57.0.1-1 package and with Firefox 57.0.1, 58.0b8, and 59.0a1 nightly downloaded from mozilla.org today.
I can no longer reproduce the issue with NoScript 10.1.5.3 (10.1.5.2 not tested). It appears to be fixed for me. Thank you!
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Post Reply