XSS - ebay - saved searches

lturnerjr
Posts: 2
Joined: Thu Nov 26, 2009 8:55 pm

Post by lturnerjr »

Some (but not all) of my ebay saved searches activate the NS XSS filter, displaying the "NS filtered a potential cross-site scripting (XSS) attempt from [chrome:]."

I am running XP SP3, FF 3.5.5 and NS 1.9.9.17.

I have the ebay XSS exception recommended in the NS FAQ ( ^http://[\w\-\.]*\bsearch[\w\-\.]*\.ebay\.(?:com|de|co\.uk)[\/\?] ), which has successfully avoided tripping the XSS filters until recently.

Using the "Unsafe Reload" button solves the problem.

I cannot identify anything unique about the search that trips the filter, versus those that do not. Is there something else that I need to do to allow these searches?
-lt
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: XSS - ebay - saved searches

Post by Tom T. »

It will help Giorgio to diagnose your issue if you would copy and paste any red Error messages, and any pertinent blue Information messages, from Tools > Error Console. Thanks.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5

Re: XSS - ebay - saved searches

Post by lturnerjr »

Thanks.

Messages & Warnings pasted below.
-lt


[NoScript XSS] Sanitized suspicious request. Original URL [http://shop.ebay.com/i.html?_trksid=m19 ... SS:US:1150] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://shop.ebay.com/i.html?_trksid=m19 ... 1665067101].

Warning: Error in parsing value for 'height'. Declaration dropped.

Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0

Warning: Error in parsing value for 'display'. Declaration dropped.

Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0

Warning: Unknown property 'word-break'. Declaration dropped.
Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0

[NoScript] Blocking cross site Javascript served from http://srx.main.ebayrtm.com/rtm?RtmIt&p ... =2&to=3000 with wrong type info image/gif and included by http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
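
The following is an added example, not part of the thread or of NoScript's own code: it checks which destination URLs the FAQ exception quoted in the first post actually covers, including the `shop.ebay.com` host that appears in the pasted console messages. The sample URLs are constructed, and the one-regex-per-line format and match-against-destination behaviour are assumptions about how the exception list is applied.

```javascript
// Added example: check which destination URLs an XSS-exception list covers.
// The exception below is the FAQ pattern quoted in the first post.
const FAQ_EBAY_EXCEPTION =
  String.raw`^http://[\w\-\.]*\bsearch[\w\-\.]*\.ebay\.(?:com|de|co\.uk)[\/\?]`;

// Assumption: the exception box holds one regular expression per line.
function parseExceptions(text) {
  return text
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line.length > 0)
    .map((line) => new RegExp(line));
}

// Assumption: a request is exempt when any exception matches its destination URL.
function isExempt(url, exceptions) {
  return exceptions.some((re) => re.test(url));
}

// Report, per URL, the host and whether the XSS filter would be skipped.
function auditUrls(urls, exceptionText) {
  const exceptions = parseExceptions(exceptionText);
  return urls.map((url) => ({
    url,
    host: new URL(url).hostname,
    exempt: isExempt(url, exceptions),
  }));
}

// Constructed sample URLs; only the host names and i.html come from the thread.
const SAMPLE_URLS = [
  "http://search.ebay.com/?q=constructed",                   // "search" host
  "http://shop.ebay.com/i.html?q=constructed",               // host seen in the log
  "https://search.ebay.com/?q=constructed",                  // pattern is http-only
  "http://search.ebay.com.lookalike.example/?q=constructed", // not an ebay.com host
];

for (const row of auditUrls(SAMPLE_URLS, FAQ_EBAY_EXCEPTION)) {
  console.log(`${row.exempt ? "exempt  " : "filtered"}  ${row.host}`);
}
```

The pattern only exempts `http://` hosts whose name contains `search` under `ebay.com`, `ebay.de` or `ebay.co.uk`, so a request to `shop.ebay.com` is still subject to the filter.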