[RESOLVED] XSS @ Cabelas

therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

[RESOLVED] XSS @ Cabelas

Post by therube »

Don't know if this is good or bad or expected or not.
(Just realized I'm still on 2.3.3rc1 for some reason.)
Anyhow ...

URL: http://www.cabelas.com/product/Cabelas-Packable-Nylon-Parka-150-Regular/1152325.uts?rid=10&WT.tsrc=AFF&WT.mc_id=k16730

+dotomi.com
-facebook.net
-dtmpub.com
+bazaarvoice.com
+googleapis.com
+cabelas.com

[NoScript XSS] Sanitized suspicious request. Original URL [http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2122&dtm_cmagic=abdbeb&dtm_format=5&dtmc_ver=1&cli_promo_id=6&dtm_user_id=&dtmc_cat=Home%7CCabelas+Nylon+Packable&dtmc_cat_id=105625080%7C110484180&dtmc_prod=Cabela%2527s+Packable+Nylon+Parka+%2526%2523150%253B+Regular&dtmc_prod_id=1152325&dtmc_brand=Cabela%2527s&dtmc_prod_img=http%3A//images.cabelas.com/is/image/cabelas/s7_923085_renderset_08%3F%7C&dtmc_session_id=5B1B7C7950A57688BC83F31B3A570403.ap7&dtmc_customer_type=New&dtmc_source=nonPaid&dtmc_ref=http%3A//slickdeals.net/f/4027738-Cabela-s-Men-s-Packable-Parka-15-w-Q-Shipped-Cabelas-com&dtmc_loc=http%3A//www.cabelas.com/product/Cabelas-Packable-Nylon-Parka-150-Regular/1152325.uts%3Frid%3D10%26WT.tsrc%3DAFF%26WT.mc_id%3Dk16730] requested from [http://www.cabelas.com/product/Cabelas-Packable-Nylon-Parka-150-Regular/1152325.uts?rid=10&WT.tsrc=AFF&WT.mc_id=k16730]. Sanitized URL: [http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2122&dtm_cmagic=abdbeb&dtm_format=5&dtmc_ver=1&cli_promo_id=6&dtm_user_id=&dtmc_cat=Home%7CCabelas+Nylon+Packable&dtmc_cat_id=105625080%7C110484180&dtmc_prod=Cabela%20s+Packable+Nylon+Parka+%u2013+Regular&dtmc_prod_id=1152325&dtmc_brand=Cabela%20s&dtmc_prod_img=http%3A//images.cabelas.com/is/image/cabelas/s7_923085_renderset_08%3F%7C&dtmc_session_id=5B1B7C7950A57688BC83F31B3A570403.ap7&dtmc_customer_type=New&dtmc_source=nonPaid&dtmc_ref=http%3A//slickdeals.net/f/4027738-Cabela-s-Men-s-Packable-Parka-15-w-Q-Shipped-Cabelas-com&dtmc_loc=http%3A//www.cabelas.com/product/Cabelas-Packable-Nylon-Parka-150-Regular/1152325.uts%3Frid%3D10%26WT.tsrc%3DAFF%26WT.mc_id%3Dk16730#8769819261210319783].
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:12.0a2) Gecko/20120304 Firefox/12.0a2 SeaMonkey/2.9a2
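What the log above records can be read off the two URLs: `dtmc_prod` and `dtmc_brand` arrive double percent-encoded (`%2527` decodes to `%27` and then to `'`; `%2526%2523150%253B` decodes to `&#150;`, which browsers treat as the Windows-1252 en dash, U+2013). The sanitizer decoded those layers, replaced the apostrophe with a space (`%20`) and resolved the character reference (`%u2013`), leaving every other parameter untouched. The following is an added illustration of that mechanism, not NoScript's own code and not anything from cabelas.com or dotomi.com; the request and referrer URLs are constructed from the parameters shown in the log, and the same-site test is a deliberately crude two-label comparison:

```javascript
// Added illustration, not NoScript's own filter: why a double-encoded query
// string such as the login.dotomi.com request in the log trips a cross-site
// request sanitizer, and what a NoScript-style rewrite of it looks like.
// Constructed from the parameters in the log (only the relevant ones kept).
const SAMPLE_REQUEST =
  "http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_user_id=" +
  "&dtmc_prod=Cabela%2527s+Packable+Nylon+Parka+%2526%2523150%253B+Regular" +
  "&dtmc_prod_id=1152325&dtmc_brand=Cabela%2527s";
const SAMPLE_REFERRER = "http://www.cabelas.com/product/1152325.uts?rid=10";

// Browsers map numeric character references &#128;..&#159; through
// Windows-1252 (HTML spec), so &#150; is an en dash (U+2013), not a C1 control.
const CP1252 = {
  0x80: 0x20AC, 0x82: 0x201A, 0x83: 0x0192, 0x84: 0x201E, 0x85: 0x2026,
  0x86: 0x2020, 0x87: 0x2021, 0x88: 0x02C6, 0x89: 0x2030, 0x8A: 0x0160,
  0x8B: 0x2039, 0x8C: 0x0152, 0x8E: 0x017D, 0x91: 0x2018, 0x92: 0x2019,
  0x93: 0x201C, 0x94: 0x201D, 0x95: 0x2022, 0x96: 0x2013, 0x97: 0x2014,
  0x98: 0x02DC, 0x99: 0x2122, 0x9A: 0x0161, 0x9B: 0x203A, 0x9C: 0x0153,
  0x9E: 0x017E, 0x9F: 0x0178,
};

// Peel percent-encoding until it stops changing. Bounded so a hostile
// "%2525252525..." value cannot make the filter loop; a malformed escape
// (e.g. a bare "100%") ends decoding at the last good layer.
function fullyDecode(raw, maxRounds = 5) {
  let cur = raw.replace(/\+/g, " "); // form encoding: "+" is a space
  let rounds = 0;
  while (rounds < maxRounds) {
    let next;
    try { next = decodeURIComponent(cur); } catch (e) { break; }
    if (next === cur) break;
    cur = next;
    rounds++;
  }
  return { decoded: cur, rounds };
}

// Resolve numeric HTML entities the way a browser would if the value were
// later written into a page (the &#150; -> U+2013 step seen in the log).
function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);/gi, (match, num) => {
    const n = /^x/i.test(num) ? parseInt(num.slice(1), 16) : parseInt(num, 10);
    if (!(n > 0 && n <= 0x10ffff)) return match;
    return String.fromCodePoint(n in CP1252 ? CP1252[n] : n);
  });
}

// Crude same-site test on the last two host labels (assumption for this
// example; a real filter needs the public suffix list for co.uk and friends).
function isCrossSite(requestUrl, referrerUrl) {
  const site = (u) => new URL(u).hostname.split(".").slice(-2).join(".");
  return site(requestUrl) !== site(referrerUrl);
}

// Inspect each query parameter of a cross-site request. A value is flagged
// when it is percent-encoded more than once, or decodes to HTML/JS
// metacharacters or to a character reference. Flagged values are neutralised
// (quotes and angle brackets become spaces, entities are resolved) and
// re-encoded once; untouched parameters keep their original bytes, as in the
// log. NoScript's log shows the legacy %uXXXX form for the en dash;
// encodeURIComponent emits UTF-8 %E2%80%93 instead.
function analyzeRequest(requestUrl, referrerUrl) {
  const crossSite = isCrossSite(requestUrl, referrerUrl);
  const noFragment = requestUrl.split("#")[0];
  const qi = noFragment.indexOf("?");
  const base = qi < 0 ? noFragment : noFragment.slice(0, qi);
  const query = qi < 0 ? "" : noFragment.slice(qi + 1);
  const params = query === "" ? [] : query.split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const name = eq < 0 ? pair : pair.slice(0, eq);
    const raw = eq < 0 ? "" : pair.slice(eq + 1);
    const { decoded, rounds } = fullyDecode(raw);
    const reasons = [];
    if (rounds > 1) reasons.push("encoded " + rounds + " times");
    if (/[<>"']/.test(decoded)) reasons.push("HTML/JS metacharacters");
    if (/&#(x[0-9a-f]+|[0-9]+);/i.test(decoded)) reasons.push("character reference");
    const suspicious = crossSite && reasons.length > 0;
    const clean = suspicious
      ? decodeNumericEntities(decoded).replace(/[<>"']/g, " ")
      : null;
    return { name, raw, decoded, rounds, suspicious, reasons, clean };
  });
  const sanitizedUrl = params.some((p) => p.suspicious)
    ? base + "?" + params
        .map((p) => p.name + "=" + (p.suspicious ? encodeURIComponent(p.clean) : p.raw))
        .join("&")
    : requestUrl;
  return { crossSite, params, sanitizedUrl };
}
```

Running `analyzeRequest(SAMPLE_REQUEST, SAMPLE_REFERRER)` flags `dtmc_prod` and `dtmc_brand` (two encoding layers, an apostrophe, and in the first case an `&#150;` reference) and leaves `dtm_com`, `dtm_user_id` and `dtmc_prod_id` alone; the same request with a dotomi.com referrer is returned unchanged, because the check only applies across sites. The two-layer criterion is what makes tracker URLs like this one noisy: they legitimately carry an already-encoded product title inside an encoded parameter, which is indistinguishable on the wire from a payload hidden behind an extra encoding pass.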
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: XSS @ Cabelas

Post by Tom T. »

Cannot reproduce XSS message with that permissions list in Fx 3.6.27, NS 2.3.3rc3.

Had to TA a bunch of stuff in RequestPolicy just to get most of those even to show in the list. Are all of them necessary to shop and buy stuff?

Will try on Fx 10.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.27) Gecko/20120216 Firefox/3.6.27
Tom T.
Field Marshal
Posts: 3620
Joined: Fri Mar 20, 2009 6:58 am

Re: XSS @ Cabelas

Post by Tom T. »

Reproduced on Fx 10.0.2, same NS, *only after* OK-ing:

Temporarily allow http://cabelas.ugc.bazaarvoice.com/8815/***crossdomain***].htm?format=embedded#origin=http%3A%2F%2Fwww.cabelas.com
(text/html <IFRAME> / http://www.cabelas.com)
Hmmm.... does that word, "crossdomain" have anything to do with this? ;)

(I added the stars for emphasis, as [code] wipes out bold tags.)
Mozilla/5.0 (Windows NT 5.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: XSS @ Cabelas

Post by therube »

Not seeing it in 2.3.3rc5.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0a2) Gecko/20120306 Firefox/12.0a2 SeaMonkey/2.9a2
Giorgio Maone
Site Admin
Posts: 9524
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: XSS @ Cabelas

Post by Giorgio Maone »

Actually the original one should be gone in latest development build 2.3.3rc6.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2