NS reports potential XSS filtering on newspaper website

[julep]

Hi:
I'm a newbie to NS 2.1.2.6 and don't know much about scripts, so please have patience . I visited a major newspaper blog site tonight, and received an XSS alert (Firefox 6.0.1). The alert said: "Noscript filtered a potential cross-site scripting (XSS) attempt from "domain" (see URL below). Technical details have been logged to the console."

Here is the website: http://blog.chron.com/newswatch/2011/09 ... 4-youtube/

I opened the Error Console, and it had about 80 instances of the same error message. I had never opened it before, so I don't know how old any of them were.

"Error: [Exception... "Could not convert JavaScript argument arg 0 [nsISupports.QueryInterface]" nsresult: "0x80570009 (NS_ERROR_XPC_BAD_CONVERT_JS)" location: "JS frame :: file:///C:/Program%20Files/Norton%20Internet%20Security/Engine/18.6.0.29/rfhelper32.js :: <TOP_LEVEL> :: line 348" data: no]
Source File: file:///C:/Program%20Files/Norton%20Internet%20Security/Engine/18.6.0.29/rfhelper32.js
Line: 348"

Does that error message go with the XSS filtering warning, and what is the significance? Do I need to take any action? Thanks for any info.

[dhouwn]

file:///C:/Program%20Files/Norton%20Internet%20Security/Engine/18.6.0.29/rfhelper32.js

C:/Program%20Files/Norton%20Internet%20Security/Engine/

Norton%20Internet%20Security

Norton

Ask Norton.

[julep]

Thanks, will do. That message may have nothing to do with the XSS alert, but that's all I saw in the error console. But my main question here in this forum is about the "potential XSS filtering event" that occurs at the website I posted above. I don't know if someone tests it, or how that works here. I'm new to NS and especially to the forum. Thanks.

[Colin T.]

julep, a NoScript warning about XSS will leave an entry in the log that starts with "[NoScript XSS]".

[Guest]

Thanks, Colin T.! I went to the Console, but there were no logged messages concerning XSS. There was nothing other Messages or Warnings. Just Error messages for Norton, completely unrelated to this circumstance , which is known to Norton. So I purposely went back to the offending site, and let the XSS warning occur again, which it did. As part of the warning it says "Technical details have been logged to the console."
So I went to the Console again, and again there was nothing under blue "messages" or yellow "warnings". Just the Norton errors. So I'm not sure why it is not logging or if this was a false positive or what. If someone has a test machine and tries that newspaper blog site, maybe they can see if they duplicate it. Thanks, and have a good day/evening.