XSS - how to block any requests

Ask for help about NoScript, no registration needed to post
PeterL

XSS - how to block any requests

Post by PeterL » Tue Dec 05, 2017 6:13 am

Hi.
I'm using FF 57.0.1 and NS 10.1.5.3
I'm getting a large number of XSS warnings from just about every page. I'm choosing "Always block document requests from ... to ... adservice.google.com" (and similar)
How to I place a blanket XSS block from any website to adserve, facebook, twitter, etc?
Thanks for your help.
Peter
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

User avatar
Just_Golem
Junior Member
Posts: 25
Joined: Tue Nov 28, 2017 11:04 am

Re: XSS - how to block any requests

Post by Just_Golem » Tue Dec 05, 2017 7:00 am

have you tried 10.1.5.5 that has come out. Many XSS quirks have been solved with 10.1.5.4 and 10.1.5.5 :-)
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

djl47
Posts: 16
Joined: Tue Nov 21, 2017 4:32 am

Re: XSS - how to block any requests

Post by djl47 » Tue Dec 05, 2017 2:07 pm

I've neen getting what look like false positive XSS warnings.
For example there were several of these stacked one on top of another (outbrain was set to default so how could it crossite script itself?):

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from http://widgets.outbrain.com to https://widgets.outbrain.com.

Suspicious data:

window.name
Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

PeterL

Re: XSS - how to block any requests

Post by PeterL » Tue Dec 05, 2017 9:10 pm

Just_Golem wrote:have you tried 10.1.5.5 that has come out. Many XSS quirks have been solved with 10.1.5.4 and 10.1.5.5 :-)
Thanks Just_Golem. Have just installed 10.1.5.5. Will try that today.
PeterL
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

User avatar
SlowSKier505
Posts: 5
Joined: Wed Dec 06, 2017 4:22 pm

Re: XSS - how to block any requests

Post by SlowSKier505 » Wed Dec 06, 2017 6:00 pm

Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Niubi

Re: XSS - how to block any requests

Post by Niubi » Thu Dec 14, 2017 3:12 am

I've been getting the same warning every time i open my Firefox 57.0.2 (latest ver). That xss cross site scripting: fhtmb.tqn.com, registered to Fastly. I don't recall I ever use Fastly.
False positive or it is a threat?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

Post Reply