InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

XSS Warning on Background Tab that loads Media

https://forums.informaction.com/viewtopic.php?t=25662

Page 1 of 1

XSS Warning on Background Tab that loads Media

Posted: Sat Jul 27, 2019 5:29 pm
by therube
XSS Warning on Background Tab that loads Media

Oh, no idea what I'm talking about, but I think it's something like that.

Error: Exceeded 20000ms timeout

Thinking that on a media page that auto-plays, if you open multiple links in background tabs, then don't interact with them until > 20000ms, well...


Kind of like how in NoScript 5, ClearClick blocks page refresh until focus is returned to the page (if it was elsewhere).

Re: XSS Warning on Background Tab that loads Media

Posted: Sun Jul 28, 2019 2:35 am
by barbaz
Could you please post the full content of one of these XSS warnings?

Re: XSS Warning on Background Tab that loads Media

Posted: Sun Jul 28, 2019 4:57 pm
by therube
Got multiple here, then tried to reproduce & couldn't.

Other times that I've gotten similar (I simply tend to dismiss) it was often something like sitename & sitenamecdn which I likened to ClearClick like behavior. So this one is a bit different in that respect.

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from https://www.crunchyroll.com to https://www.facebook.com.

Suspicious data:

Error: Exceeded 20000ms timeout,(URL) https://www.facebook.com/v2.5/plugins/like.php?action=like&app_id=&channel=https://staticxx.facebook.com/connect/xd_arbiter.php?version=44#cb=f3280f318562486&domain=www.crunchyroll.com&origin=https%3A%2F%2Fwww.crunchyroll.com%2Ff37a56209ec1534&relation=parent.parent&container_width=300&href=https://www.facebook.com/Crunchyroll&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited