XSS on Amazon

Ask for help about NoScript, no registration needed to post
TrueWill
Posts: 4
Joined: Sat Oct 10, 2009 4:12 pm

XSS on Amazon

Post by TrueWill »

With the latest version of NoScript I've started to get potential XSS filtering on Amazon.com. For example, going to this link will give it:

http://www.amazon.com/Framework-Design- ... 0321545613

As an aside, the captcha for signing up for the forum is extremely frustrating. It took me 5 or 6 tries to get it right.

Thank you!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: XSS on Amazon

Post by Giorgio Maone »

Going to that link doesn't give me any warning.
Could you check if your problem persists with the latest development build 1.9.0.9?
If it does, could you show me the [NoScript XSS] line(s) you get in Tools|Error Console?
Thanks.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
TrueWill
Posts: 4
Joined: Sat Oct 10, 2009 4:12 pm

Re: XSS on Amazon

Post by TrueWill »

Giorgio Maone wrote: Going to that link doesn't give me any warning.
Could you check if your problem persists with the latest development build 1.9.0.9?
If it does, could you show me the [NoScript XSS] line(s) you get in Tools|Error Console?
Thanks.

Thanks - I installed the latest development build, and still got it. Here's the error console line:

[NoScript XSS] Sanitized suspicious request. Original URL [http://view.atdmt.com/MRT/iview/177129049/direct/01/3800484?click=http://ad.doubleclick.net/click%3Bh=v8/38c2/3/0/%2a/s%3B218441852%3B0-0%3B1%3B18274663%3B4307-300/250%3B33666080/33683958/1%3Bu%3De766594f80e84f9e97fbe86bca960bf1%3B%7Eaopt%3D3/1/11/2%3B%7Esscs%3D%3f] requested from [http://www.amazon.com/aan/2009-09-09/static/amazon.us/iframeproxy.html#dclick=amzn.us.dp.books/computer_internet;sz%3D300x250;u%3De766594f80e84f9e97fbe86bca960bf1;ord%3D0YH2WE470403R523CDMD;s%3D108;s%3D97;s%3D250;s%3D249;s%3D99;s%3D102;s%3D364;s%3D227;s%3D363;s%3D231;s%3D125;s%3D232;s%3D126;s%3D118;s%3D120;s%3D3;s%3D276;s%3D7;s%3D277;s%3D143;s%3D280;s%3D142;s%3D5;s%3D279;s%3D11;s%3D12;s%3D130;s%3D9;s%3D286;s%3D16;s%3D14;s%3D156;s%3D153;s%3D24;s%3D23;s%3D22;s%3D21;s%3D147;s%3D148;s%3D27;s%3D267;s%3D25;s%3D32;s%3D270;s%3D150;s%3D29;s%3D37;s%3D173;s%3D38;s%3D33;s%3D172;s%3D165;s%3D46;s%3D48;s%3D295;s%3D54;s%3D53;s%3D56;s%3D294;s%3D55;s%3D49;s%3D52;s%3D188;s%3D51;s%3D303;s%3D62;s%3D57;s%3D59;s%3D67;s%3D80;s%3D195;s%3D224;s%3D221;s%3D220;s%3D217;s%3D218;s%3D93;s%3D92;s%3D91;s%3D332;s%3Dm1;z%3D153;z%3D180;z%3D141;tile%3D1%3F]. Sanitized URL: [http://view.atdmt.com/MRT/iview/177129049/direct/01/3800484?click=http://ad.doubleclick.net/click%3Bh=v8%2F38c2%2F3%2F0%2F*%2Fs%3B218441852%3B0-0%3B1%3B18274663%3B4307-300%2F250%3B33666080%2F33683958%2F1%3Bu%20e766594f80e84f9e97fbe86bca960bf1%3B~aopt%203%2F1%2F11%2F2%3B~sscs%20%3F#6883692636994576505].
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
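
The Error Console line quoted in the post above has a fixed layout: original URL, requesting page, sanitized URL. As an added example (not part of the thread and not NoScript's own code), this JavaScript parses such a line and lists the decoded query characters the filter replaced, which is the detail needed to judge a suspected false positive; the sample line and its example.* hosts are constructed.

```javascript
// Added example, not NoScript code: triage one "[NoScript XSS]" console line.
// Layout is taken from the quoted log line; SAMPLE below is constructed.
const LINE_RE = /^\[NoScript XSS\] Sanitized suspicious request\. Original URL \[(.*?)\] requested from \[(.*?)\]\. Sanitized URL: \[(.*?)\]\.?$/;

// Percent-decode without throwing on malformed escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

// Parse a URL, returning null instead of throwing on garbage.
function parseUrl(u) {
  try { return new URL(u); } catch (e) { return null; }
}

function triage(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // not a sanitization record
  const [original, requester, sanitized] = m.slice(1).map(parseUrl);
  if (!original || !requester || !sanitized) return null;
  // Compare decoded queries; a fragment present only on the sanitized URL is ignored.
  const before = safeDecode(original.search.slice(1));
  const after = safeDecode(sanitized.search.slice(1));
  const replaced = [];
  if (before.length === after.length) {
    for (let i = 0; i < before.length; i++) {
      if (before[i] !== after[i]) replaced.push({ index: i, from: before[i], to: after[i] });
    }
  }
  return {
    targetHost: original.hostname,
    requesterHost: requester.hostname,
    // Exact hostname comparison, not a registrable-domain check.
    crossHost: original.hostname !== requester.hostname,
    rewritten: before !== after,
    replaced, // left empty when the lengths differ: compare by hand in that case
  };
}

// Constructed sample in the same layout as the line in the post.
const SAMPLE = "[NoScript XSS] Sanitized suspicious request. " +
  "Original URL [http://ads.example.net/iview/1?click=http://t.example.org/c%3Bu%3Dabc%3B%7Eopt%3D3/1%3F] " +
  "requested from [http://shop.example.com/static/iframeproxy.html#slot=books]. " +
  "Sanitized URL: [http://ads.example.net/iview/1?click=http://t.example.org/c%3Bu%20abc%3B~opt%203%2F1%3F#123].";

console.log(triage(SAMPLE));
```
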
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: XSS on Amazon

Post by Giorgio Maone »

hm, is there any reason why you are trusting atdmt.com?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
TrueWill
Posts: 4
Joined: Sat Oct 10, 2009 4:12 pm

Re: XSS on Amazon

Post by TrueWill »

Giorgio Maone wrote: hm, is there any reason why you are trusting atdmt.com?

None. They're Yet Another Online Marketing Company.

Amazon.com is in my Whitelist. So there are two issues here:

Personal - How can I trust Amazon, distrust the marketer, and avoid the distracting pop-up?
General - Others are probably getting these XSS pop-ups too, and you probably don't want to answer their questions individually.

Thank you!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: XSS on Amazon

Post by Giorgio Maone »

TrueWill wrote: Personal - How can I trust Amazon, distrust the marketer, and avoid the distracting pop-up?

Use "Forbid atdmt.com"

TrueWill wrote: General - Others are probably getting these XSS pop-ups too, and you probably don't want to answer their questions individually.

The false positive is already fixed in code that will be released with the next version.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)
TrueWill
Posts: 4
Joined: Sat Oct 10, 2009 4:12 pm

Re: XSS on Amazon

Post by TrueWill »

Thanks much! :)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)