XSS message on qoppa.net -> payflowlink.paypal.com


Post by Colin T. »

NoScript recently gave me an XSS warning when I tried to make a purchase. The log read:
[NoScript XSS] Sanitized suspicious upload to [https://payflowlink.paypal.com/] from [http://www.qoppa.com/pdfstudio/buy/index.html]: transformed into a download-only GET request.
I'm using Firefox 6.0.1 with NoScript 2.1.2.6 on Xubuntu 11.04. I don't have scripts allowed on qoppa.net (not sure if I temporarily allowed them the first time but I don't think so) & I do on paypal (& apparently payflowlink.paypal).

I'm guessing it's a false positive, but have no way of knowing on my own. I emailed qoppa.net about it & they're looking into it. This question seems to be about the same basic problem, but it didn't get answered.

Any advice?
Mozilla/5.0 (X11; Linux i686; rv:6.0.1) Gecko/20100101 Firefox/6.0.1

Re: XSS message on qoppa.net -> payflowlink.paypal.com

Post by QoppaSusan »

I'm marketing (not technical), and noticed you were working on making a purchase from qoppa.com (not qoppa.net).

The error message does sound as though you did not have scripts enabled on the page at Qoppa Software from which you were trying to access PayPal. Instead, it looks like you may have enabled them for qoppa.net, which would be the wrong site.

Try enabling scripts for qoppa.com instead.
Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20100101 Firefox/6.0

Re: XSS message on qoppa.net -> payflowlink.paypal.com

Post by Colin T. »

Hi Susan, thanks for the response. "Qoppa.net" was a typo in my post - if I'd enabled scripts it would have been for qoppa.com (it's just a mouse-click, no typing). I'm trying to figure out whether I should enable scripts. I assume it's probably a false positive & I should, but want to get better info first. I already emailed Qoppa & got a response that someone's looking into it, but then decided to put my oar in & do a little research myself.
Mozilla/5.0 (X11; Linux i686; rv:6.0.1) Gecko/20100101 Firefox/6.0.1