Page 1 of 1

How to block all XSS to facebook?

Posted: Wed May 01, 2019 12:51 am
by skivvies
Can NoScript/Firefox/Linux be configured to always deny XSS to facebook.com? And if so, how?

Re: How to block all XSS to facebook?

Posted: Thu May 02, 2019 1:14 pm
by Giorgio Maone
Generally you can do it by choosing the right option when you get a XSS warning dialog.
Do you get XSS warnings on Facebook?
May I see a screenshot?

Re: How to block all XSS to facebook?

Posted: Thu May 02, 2019 2:12 pm
by skivvies
Image

I am using the TOR fork of the Firefox browser so my selections are not preserved. Since I turn my PC off at night, I have to make the same selections day after day after day. There are others besides facebook but if I knew how to make the facebook selection persistent then I could do it for the others as well.

Re: How to block all XSS to facebook?

Posted: Thu May 02, 2019 2:14 pm
by skivvies
EDIT:
Sorry, I didn't answer your question. I don't get these on facebook because I don't use it.

Re: How to block all XSS to facebook?

Posted: Thu May 02, 2019 2:34 pm
by Giorgio Maone
If you're using the Tor Browser, open the NoScript Options>Advanced>XSS tab, then:
  • check Scan uploads for potential cross-site attacks
  • Uncheck sk confirmation for cross-site POST requests which could not be scanned
That said, "Always block from... to..." and the other XSS options should be remembered across sessions even you use the Tor Browser.
Some other settings, though, get reset by Tor Browser's own security settings on every restart unless you check Override Tor Browser's Security Level preset.

Re: How to block all XSS to facebook?

Posted: Thu May 02, 2019 4:05 pm
by skivvies
I don't seem to have an XSS tab under advanced.

Image

To see if it was a "Linux thing," I installed the NoScropt add-on in Firefox on Win7:

Image