XSS warning breaks shopping process!

stb
Posts: 1
Joined: Mon Nov 02, 2009 8:17 am

Post by stb »

Hi,

I have a website with a shop. The site does not use JavaScript at all. The shop (https) has some encrypted PayPal form at the last shopping step. The form is a POST to PayPal (https). When a user with NoScript clicks on the submit button, he does not get to the PayPal login page (to finalize the order) but to the PayPal main page! There is a small warning at the top of the page (NoScript info bar) scaring users.
Mozilla/5.0 (Windows; U; Windows NT 6.1; de; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: XSS warning breaks shopping process!

Post by Giorgio Maone »

If they've got your website in their whitelist, this won't happen.
However, an easy way to work around it, even for those who don't whitelist you, is turning the POST into a GET (that's what I did with the "Donate" buttons on http://noscript.net and http://flashgot.net).
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.4) Gecko/20091016 Firefox/3.5.4 (.NET CLR 3.5.30729)