Some (but not all) of my ebay saved searches activate the NS XSS filter, displaying the "NS filtered a potential cross-site scripting (XSS) attempt from [chrome:]."
I am running XPP SP3, FF 3.5.5 and NS 1.9.9.17.
I have the ebay XSS exception recommended in the NS FAQ ( ^http://[\w\-\.]*\bsearch[\w\-\.]*\.ebay\.(?:com|de|co\.uk)[\/\?] ), which has successfully avoided tripping the XSS filters until recently.
Using the "Unsafe Reload" button solves the problem.
I cannot identify anything unique about the search that trips the filter, versus those that do not. Is there something else that I need to do to allow these searches?
-lt
XSS - ebay - saved searches
XSS - ebay - saved searches
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
Re: XSS - ebay - saved searches
It will help Giorgio to diagnose your issue if you would copy and paste any red Error messages, and any pertinent blue Information messages, from Tools > Error Console. Thanks.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5
Re: XSS - ebay - saved searches
Thanks.
Messages & Warnings pasted below.
-lt
[NoScript XSS] Sanitized suspicious request. Original URL [http://shop.ebay.com/i.html?_trksid=m19 ... SS:US:1150] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://shop.ebay.com/i.html?_trksid=m19 ... 1665067101].
Warning: Error in parsing value for 'height'. Declaration dropped.
Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0
Warning: Error in parsing value for 'display'. Declaration dropped.
Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0
Warning: Unknown property 'word-break'. Declaration dropped.
Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0
[NoScript] Blocking cross site Javascript served from http://srx.main.ebayrtm.com/rtm?RtmIt&p ... =2&to=3000 with wrong type info image/gif and included by http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Messages & Warnings pasted below.
-lt
[NoScript XSS] Sanitized suspicious request. Original URL [http://shop.ebay.com/i.html?_trksid=m19 ... SS:US:1150] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://shop.ebay.com/i.html?_trksid=m19 ... 1665067101].
Warning: Error in parsing value for 'height'. Declaration dropped.
Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0
Warning: Error in parsing value for 'display'. Declaration dropped.
Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0
Warning: Unknown property 'word-break'. Declaration dropped.
Source File: http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Line: 0
[NoScript] Blocking cross site Javascript served from http://srx.main.ebayrtm.com/rtm?RtmIt&p ... =2&to=3000 with wrong type info image/gif and included by http://shop.ebay.com/i.html?_trksid=m19 ... 2452046991
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)