XSS

[Nick_Danger]

I get a cross-site scripting (XSS) notification when trying to log on to my cell phone carrier's forum. It's just XSS junk Verizon is doing on their site, but I haven't the slightest idea what to do to enable this >particular< XSS attempt so I can get to their forum. Clicking on Options in that little NoScript popup calls up another popup full of mysterious-looking text which I haven't the faintest idea what to do with. I may have to kill NoScript just so I can get to that forum, and then re-enable NoScript afterward. XSS attempts are generally bad - or so I've read (I wouldn't know) - but are ALL of them? Is it possible some are legit? If so, let's give dumb, non-techie users like me some way to allow particular XSS attempts to succeed without having to learn an esoteric programming language first. I know lots of folks here are probably really sharp with this kind of stuff, but put yourself in my shoes: how would you like to have to write your phone's operating system in LISP before being allowed to call your next-door neighbor to let him know his dog got out?

On the bright side, apart from the way XSS is handled, NoScript looks to be a pretty good product.

[Giorgio Maone]

Can I see the [NoScript XSS] messages you should get in Tools|Error Console when this happens?

[Nick_Danger]

I can't duplicate it. Now I get nothing, no XSS notifications, no popups, nor can I log into that forum. Just get redirected back to the same page.

I know this is not helpful because you have nothing to work with, but neither do I.

Nick