I am unable to post any HTML coded links (img src= or a href=) in a Reply on Dreamwidth. I am running the Firefox (v3.6.3) add-on NoScript v1.9.9.74, which I upgraded from v1.9.9.71 to make certain it wasn't due to an out-of-date version.
I receive "NoScript filtered a potential cross-site scripting attempt from [danceswithgary.dreamwidth.org]. Technical details have been logged to the Console.
Of course, when I tell NoScript to ignore and post (unsafely) anyway, it works.
I've tested posting with images from my LiveJournal account, a userpic from my Dreamwidth account, Livejournal links, and Dreamwidth links. All fail with the same error.
I have NoScript set with Dreamwidth and LiveJournal as trusted accounts. LiveJournal does not encounter the error for the same actions.
From an attempt to post a link of my default userpic on Dreamwidth to a reply to a post on my Dreamwidth account (no idea what's cross-site here):
[NoScript XSS] Sanitized suspicious upload to [http://www.dreamwidth.org/talkpost_do§ ... 2942%22%3E] from [http://danceswithgary.dreamwidth.org/37 ... mode=reply]: transformed into a download-only GET request.
I've also submitted the same information to Dreamwidth. Thanks.
XSS error on whitelisted site
-
danceswithgary
- Posts: 2
- Joined: Sat May 01, 2010 3:22 pm
XSS error on whitelisted site
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
-
danceswithgary
- Posts: 2
- Joined: Sat May 01, 2010 3:22 pm
Re: XSS error on whitelisted site
Addendum: I'm aware that a solution is to add
http://www.dreamwidth.org/talkpost_do.bml
to the XSS exceptions, and I have now done so. I just thought it would be helpful to report the issue.
http://www.dreamwidth.org/talkpost_do.bml
to the XSS exceptions, and I have now done so. I just thought it would be helpful to report the issue.
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)