Huffington Post (HuffPo) Germany - Not able to read Comments

Ask for help about NoScript, no registration needed to post
VevendoVides

Huffington Post (HuffPo) Germany - Not able to read Comments

Post by VevendoVides » Sat Dec 16, 2017 12:28 pm

Hi together. Since Years I have the Problem reading Comments in the HuffPo, i.e. here: http://www.huffingtonpost.de/entry/merk ... e-homepage

First I thought that had to do with a blocked script but that was definetely not the Reason. Only Disabling NoScript completely brought Help. The reason seams to be the XSS Cross Site Scripting, in this case XSS [http://www.huffingtonpost.de]->[https://www.facebook.com]

In the console I found this one relating to the above:

Code: Select all

getUserData() oder setUserData() sollten nicht mehr verwendet werden. Verwenden Sie stattdessen WeakMap oder element.dataset. requestNotifier.js:53:0
[NoScript InjectionChecker] JavaScript Injection in ///plugins/comments.php?api_key=137920063083844&channel_url=http://staticxx.facebook.com/connect/xd_arbiter/r/lY4eZXm_YWu.js?version=42#cb=f666f981c50036&domain=www.huffingtonpost.de&origin=http://www.huffingtonpost.de/f30f36b538e6e0e&relation=parent.parent&colorscheme=light&href=http://www.huffingtonpost.de/entry/merkel-schulz-groko-theater_de_5a33d8fbe4b0ff955ad22ad3&locale=de_DE&numposts=10&sdk=joey&skin=light&version=v2.5&width=570
(function anonymous() {
www.huffingtonpost.de/f30f36b538e6e0e&relation==parent.parent&colorscheme==light
})
[NoScript XSS] Eine verdächtige Anfrage wurde bereinigt. Original-URL [https://www.facebook.com/plugins/comments.php?api_key=137920063083844&channel_url=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FlY4eZXm_YWu.js%3Fversion%3D42%23cb%3Df666f981c50036%26domain%3Dwww.huffingtonpost.de%26origin%3Dhttp%253A%252F%252Fwww.huffingtonpost.de%252Ff30f36b538e6e0e%26relation%3Dparent.parent&colorscheme=light&href=http%3A%2F%2Fwww.huffingtonpost.de%2Fentry%2Fmerkel-schulz-groko-theater_de_5a33d8fbe4b0ff955ad22ad3&locale=de_DE&numposts=10&sdk=joey&skin=light&version=v2.5&width=570] angefordert von [http://www.huffingtonpost.de/entry/merkel-schulz-groko-theater_de_5a33d8fbe4b0ff955ad22ad3?x4&utm_hp_ref=de-homepage]. Bereinigte URL: [https://www.facebook.com/plugins/comments.php?api_key=137920063083844&channel_url=http%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FlY4eZXm_YWu.js%3Fversion%3D42%23cb%2520f666f981c50036%2526domain%2520www.huffingtonpost.de%2526origin%2520http%253A%252F%252Fwww.huffingtonpost.de%252Ff30f36b538e6e0e%2526relation%2520parent.parent&colorscheme=light&href=http%3A%2F%2Fwww.huffingtonpost.de%2Fentry%2Fmerkel-schulz-groko-theater_de_5a33d8fbe4b0ff955ad22ad3&locale=de_DE&numposts=10&sdk=joey&skin=light&version=v2.5&width=570].
Any Idea what to do despite disabling NoScript? And easy explained please, i am not a Teckie :-)

Thank you in Advance and have a nice X-Mas Time
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.9) Gecko/20100101 Goanna/3.4 Firefox/52.9 PaleMoon/27.6.2

User avatar
Just_Golem
Junior Member
Posts: 25
Joined: Tue Nov 28, 2017 11:04 am

Re: Huffington Post (HuffPo) Germany - Not able to read Comm

Post by Just_Golem » Sat Dec 16, 2017 2:11 pm

Visited the site from Canada (using NoScript 10.1.5.8)

On first load, as expected, everything is blocked

Clicked NoScript icon and Chose: Temporarily allow , a first time
Page reloaded, and new things were blocked and were listed
Clicked Temporarily allow a "Second time", reloaded and then Temporarily Allow a"Third" and last time.
Comment were visible after that, and I did not get any XSS error or Box

Not sure if this is of any help, but wanted to chime in, in case :-) :-)
Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0

Pansa
Senior Member
Posts: 318
Joined: Fri Nov 24, 2017 10:30 pm

Re: Huffington Post (HuffPo) Germany - Not able to read Comm

Post by Pansa » Sat Dec 16, 2017 2:18 pm

Can't reproduce either. (In No script 10.1.5.7)

I set
...huffingtonpost.de (red)
...facebook.net (red)
...facebook.com (red)
...fbcdn.net (black)

To trusted. Comments load fine.

edit:
Just noticed:
"Firefox/52.9 PaleMoon/27.6.2"

Which version of No script are you running?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0

barbaz
Senior Member
Posts: 9720
Joined: Sat Aug 03, 2013 5:45 pm

Re: Huffington Post (HuffPo) Germany - Not able to read Comm

Post by barbaz » Sat Dec 16, 2017 4:17 pm

Pansa wrote:edit:
Just noticed:
"Firefox/52.9 PaleMoon/27.6.2"

Which version of No script are you running?
They're either running this version or latest NoScript Classic.

:arrow: https://forums.informaction.com/viewtop ... =7&t=23069
*Always* check the changelogs BEFORE updating that important software!
-

VevendoVides

Re: Huffington Post (HuffPo) Germany - Not able to read Comm

Post by VevendoVides » Sat Dec 16, 2017 5:32 pm

Guys, you are doing great!

Thank you for the sharp eyes, esp. regarding PaleMoon and my outdated Releas of NoScript (5.0.6) First I've tried a newer version of it but that was not accepted due to an old release of Firefox (which is understandable since PM an FF devorced).

So I followed @barbaz hint and tried this Exceptions in the XSS-Opinion-Menue:

Code: Select all

^https://www\.facebook\.com/plugins/comments\.php\?

^https://www\.facebook\.com/plugins/feedback\.php\?
And after that, like the Flintstones: YappadappaDoo - It works!

Thank you so much for your Help an Assistance. Have a peacefull Christmas and a Happy New Year
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.9) Gecko/20100101 Goanna/3.4 Firefox/52.9 PaleMoon/27.6.2

barbaz
Senior Member
Posts: 9720
Joined: Sat Aug 03, 2013 5:45 pm

Re: Huffington Post (HuffPo) Germany - Not able to read Comm

Post by barbaz » Sat Dec 16, 2017 7:26 pm

You're welcome! Image
VevendoVides wrote:I've tried a newer version of it but that was not accepted due to an old release of Firefox (which is understandable since PM an FF devorced).
Latest NoScript Classic (5.1.8.3) should still work in Pale Moon.
*Always* check the changelogs BEFORE updating that important software!
-

Post Reply