How to block all XSS to facebook?

General discussion about the NoScript extension for Firefox
Post Reply
skivvies
Posts: 4
Joined: Wed May 01, 2019 12:42 am

How to block all XSS to facebook?

Post by skivvies » Wed May 01, 2019 12:51 am

Can NoScript/Firefox/Linux be configured to always deny XSS to facebook.com? And if so, how?
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

User avatar
Giorgio Maone
Site Admin
Posts: 8673
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: How to block all XSS to facebook?

Post by Giorgio Maone » Thu May 02, 2019 1:14 pm

Generally you can do it by choosing the right option when you get a XSS warning dialog.
Do you get XSS warnings on Facebook?
May I see a screenshot?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0

skivvies
Posts: 4
Joined: Wed May 01, 2019 12:42 am

Re: How to block all XSS to facebook?

Post by skivvies » Thu May 02, 2019 2:12 pm

Image

I am using the TOR fork of the Firefox browser so my selections are not preserved. Since I turn my PC off at night, I have to make the same selections day after day after day. There are others besides facebook but if I knew how to make the facebook selection persistent then I could do it for the others as well.
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

skivvies
Posts: 4
Joined: Wed May 01, 2019 12:42 am

Re: How to block all XSS to facebook?

Post by skivvies » Thu May 02, 2019 2:14 pm

EDIT:
Sorry, I didn't answer your question. I don't get these on facebook because I don't use it.
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

User avatar
Giorgio Maone
Site Admin
Posts: 8673
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:

Re: How to block all XSS to facebook?

Post by Giorgio Maone » Thu May 02, 2019 2:34 pm

If you're using the Tor Browser, open the NoScript Options>Advanced>XSS tab, then:
  • check Scan uploads for potential cross-site attacks
  • Uncheck sk confirmation for cross-site POST requests which could not be scanned
That said, "Always block from... to..." and the other XSS options should be remembered across sessions even you use the Tor Browser.
Some other settings, though, get reset by Tor Browser's own security settings on every restart unless you check Override Tor Browser's Security Level preset.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0

skivvies
Posts: 4
Joined: Wed May 01, 2019 12:42 am

Re: How to block all XSS to facebook?

Post by skivvies » Thu May 02, 2019 4:05 pm

I don't seem to have an XSS tab under advanced.

Image

To see if it was a "Linux thing," I installed the NoScropt add-on in Firefox on Win7:

Image
Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0

Post Reply