Bug logging out of yahoo mail on Firefox 18.0.2

[yahoo mail user]

Since upgrading to Firefox's latest version (18.0.2), NoScript reports an XSS attempt every time I log out of yahoo mail (see screencap below) and doesn't log me off. Instead of logging me off, it takes me to login.yahoo.com/[other stuff] where my username is filled in. I have to click "Sign Off" on that page again to completely log off. It happens both with the newest version of NoScript 2.6.5.7 as well as the previous version.


the blacked out numbers vary depending on, I assume, the server that the mail account is on, but it happens with all yahoo mail accounts, every single time.

[Tom T.]

Yahoo and a couple others have had ongoing problems with cross-site scripting vulnerabilities, repeatedly saying they're fixed, but then exploited in a slightly different form a few weeks later. See the story in the link at this post. It appears that NS may in fact be protecting you from another genuine exploit.

Personally, I decided to log out of Yahoo mail just by closing the browser. Or, if other tabs are open that I wish to keep open, close that tab and remove the Yahoo cookies.

Could you please reproduce the situation that generates the XSS message, then open Firefox Error Console (Ctrl+Shift+J), click the blue "Messages" icon, and copy/paste here any messages relating to NoScript? Especially those that start with [XSS}. Thanks. (Note: If the spam filter trips, try enclosing the messages in

Code: Select all

 tags.) Also feel free to black out the "mcXXXX" numbers, although I think they're moderately random and based on load-balancing.

[yahoo mail user]

Hello Tom,

Thanks for your reply. Sorry I couldn't get back to you sooner - I've been without access to the internet since my last post.

I reproduced the error like you requested. I also noticed that it only happens on Yahoo Mail Classic, not on the "new" yahoo mail (I have one account that's not on the Classic scheme and that's the only one that didn't trigger the XSS warning). Anywyay, I have the error info. However, even putting it all within CODE tags triggers the spam filter. :/

[Thrawn]

Please send info to Tom or myself via private message, and we can post it for you .

[Tom T.]

Send it to both of us. Whoever sees it first can post it for you. Faster service.

[Tom T.]

(O/T) One more in a growing series of reports of XSS messages tripping the filter, even inside Code tags. I'm going to ask Giorgio to look at the filter at his earliest convenience, to see if he can tweak it to let these messages *generated by NoScript itself* get through.

On the other hand, we still delete and ban hundreds of spams every day, even with the very aggressive filter. So unfortunately, it's always a trade-off. Please bear with us.

[therube]

Code: Select all

+yahooapis.com
+yimg.com
+yahoo.com

Normally nothing is need.
For a bit more functionality, you need yahoo.com & yimg.com.
For the "sign out" button to even show, you then yahooapis.com.

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///_ylt=Ajb2yAO2Tol5IRq7W4FEYuhhk70X/SIG=14s5ogues/EXP=1363103050/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US
(function anonymous() {
EXP=1363103050/**http`//login.yahoo.com/config/login`=1%26.direct=2%26.done=http`//www.yahoo.com`;.src=ym` /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://us.lrd.yahoo.com/_ylt=Ajb2yAO2Tol5IRq7W4F........./SIG=14s5ogues/EXP=1363103050/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US] requested from [http://us.mc1614.mail.yahoo.com/mc/welcome?.gx=1&.tm=13618.....&.rand=3v9vl1dsesbtp]. Sanitized URL: [http://us.lrd.yahoo.com/_ylt%20Ajb2yAO2Tol5IRq7W4F........./SIG%2014s5ogues/EXP%201363103050/**http://login.yahoo.com/config/login%3Flogout%201&.direct%202&.done%20http://www.yahoo.com&.src%20ym&.intl%20us&.lang%20en-US#9616619910.........].

[ymu01]

This is "yahoo mail user," now with a registered forum account.

Thrawn and Tom: Sent you both a PM with the code. Thank you!

Therube: All of those are allowed (I've had them allowed for years) and yet it's only recently that this problem started. :/

[Thrawn]

I can see why the spam filter wouldn't let this lot through . From private message:

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///_ylt=AjzThpeXJovMGgSNaakyTK9hk70X/SIG=14sejbkjh/EXP=1363062801/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US
(function anonymous() {
EXP=1363062801/**http`//login.yahoo.com/config/login`=1%26.direct=2%26.done=http`//www.yahoo.com`;.src=ym` /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://us.lrd.yahoo.com/_ylt=AjzThpeXJovMGgSNaakyTK9hk70X/SIG=14sejbkjh/EXP=1363062801/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US] requested from [http://us.mcXXXX.mail.yahoo.com/mc/welcome?.gx=0&.tm=1361853201&.rand=952kfd0ts3bqv]. Sanitized URL: [http://us.lrd.yahoo.com/_ylt%20AjzThpeXJovMGgSNaakyTK9hk70X/SIG%2014sejbkjh/EXP%201363062801/**http://login.yahoo.com/config/login%3Flogout%201&.direct%202&.done%20http://www.yahoo.com&.src%20ym&.intl%20us&.lang%20en-US#8053796949080491876].

Code: Select all

[NoScript InjectionChecker] HTML injection:
<style
matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:e(?:rror(?:update)?|nd)|c(?:o(?:nt(?:extmenu|rolselect)|py)|ut|lick|(?:ellc)?hange)|m(?:o(?:ve(?:end|start)?|use(?:o(?:ut|ver)|up|(?:mo|lea)ve|down|wheel|enter))|essage)|lo(?:ad|secapture)|d(?:r(?:ag(?:en(?:d|ter)|drop|over|leave|start)?|op)|ata(?:setc(?:hanged|omplete)|available)|blclick|eactivate)|s(?:t(?:op|art)|elect(?:start)?|croll|ubmit)|b(?:e(?:for(?:e(?:c(?:ut|opy)|p(?:aste|rint)|u(?:pdate|nload)|activate|editfocus)|deactivate)|gin)|lur|ounce)|p(?:ast|ropertychang)e|key(?:up|down|press)|f(?:o(?:cus(?:in|out)?|rm(?:input|change))|i(?:nish|lterchange))|in(?:put|valid)|a(?:fter(?:print|update)|bort|ctivate)|r(?:e(?:s(?:et|ize)|peat|adystatechange)|ow(?:e(?:xit|nter)|s(?:delete|inserted)))|zoom|help|unload))[\s\x08]*=

Code: Select all

[NoScript XSS]: sanitized window.name, "clean=iframeHolder&dest=adFrame&w=1920&h=1024&css=%2523fc_align%2520%257B%2520width%253A100%2525%253Bmin-width%253A1920px%253Bmargin-left%253Aauto%253Bmargin-right%253Aauto%253Bdisplay%253Ainline-block%253Btext-align%253Acenter%253B%2520%257D&pos=RICH&bg=transparent&tgt=_blank&z=0&supports=false&size=1440x1024&fr=&html=%253C%2521--Property%2520fallback%2520ad--%253E%2520%250A%253C%2521--Vendor%253A%2520Yahoo%252C%2520Format%253A%2520Login%2520Ad%2520-%2520Static%252C%2520Name%253A%2520Login%2520Ad--%253E%250A%253Cstyle%253E%250Ahtml%2520%257Bbackground-color%253A%2523ffffff%253B%257D%250Abody%252Cdiv%252Cp%252Ca%2520%257Bmargin%253A0%253Bpadding%253A0%253Boutline%253Anone%253Buser-select%253Anone%253B-moz-user-select%253Anone%253B-khtml-user-select%253Anone%253B%257D%250A.offscrn%257Bclip%253Arect%25280%25200%25200%25200%2529%253Bposition%253Aabsolute%253Btop%253A0%253Bleft%253A0%253Bmargin%253A0%253Bpadding%253A0%253Bfont-size%253A.1em%253B%257D%250A%250A%2523adlinks%2520%257Bposition%253Arelative%253Bwidth%253A400px%253Bmargin%253A0%2520auto%253Bfont%253A11px%2520arial%253Bz-index%253A100%253B%257D%250A%2523adlinks%2520p%2520%257Bposition%253Aabsolute%253Btext-align%253Aright%253Bright%253A90px%253Btop%253A15px%253B%257D%250A%2523adlinks%252C%2523adlinks%2520a%2520%257Bcolor%253A%2523999%253B%257D%250A%2523adlinks%2520a%2520%257Bmargin%253A0%25205px%253Btext-decoration%253Anone%253B%257D%250A.can_ad_slug%257Bpadding%253A0px%252015px%25200px%25200px%253Bbackground%253Aurl%2528%2527https%253A//s.yimg.com/lq/lib/can_interstitial/icons/adchoice_1.4.png%2527%2529%2520no-repeat%2520right%253B%257D%250A%250A%2523richad%257Bheight%253A778px%253Bwidth%253A1440px%253Boverflow%253Ahidden%253Bposition%253Arelative%253Bmargin%253A0%2520auto%253Bbackground-repeat%253Ano-repeat%253Bbackground-position%253Acenter%2520top%253B%257D%250A.hotspot%257Bposition%253Aabsolute%253Bdisplay%253Ablock%253Bz-index%253A10%253Boutline%253Anone%253B%257D%250A.hotspot%2520img%2520%257Bdisplay%253Ablock%253B%257D%250A%250A%250A%2523hotspot_main%257Bz-index%253A9%253Bwidth%253A400px%253Bmargin%253A0%2520auto%253Bposition%253Arelative%253B%257D%250A%2523hotspot_main%2520.hotspot%257Bposition%253Aabsolute%253Bright%253A95px%253Btop%253A40px%253B%257D%250A%250A%253C/style%253E%250A%253Ch1%2520class%253D%2522offscrn%2522%253EADVERTISEMENT%253A%2520Yahoo%2521%2520Mail%2520-%2520Yahoo%2521%2520Mail%253C/h1%253E%250A%250A%253Cdiv%2520id%253D%2522richad%2522%253E%250A%250A%250A%250A%253Cdiv%2520id%253D%2522hotspot_main%2522%253E%253Ca%2520href%253D%2522https%253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXX/1/*http%253A//global.ard.yahoo.com/SIG%253D15ldr6j02/M%253D999999.999999.999999.999999/D%253Dreglsa/S%253D150002534%253ARICH/Y%253DYAHOO/EXP%253D1361860420/L%253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B%253D7MZpAEJe5r0-/J%253D1361853220898291/K%253DWi7lhJRy4.KLSF_ca7oQFA/A%253D6726677066711120005/R%253D0/X%253D6/id%253Dwp_main450bg/SIG%253D111u2frme/*http%253A//overview.mail.yahoo.com/%2522%2520target%253D%2522_blank%2522%2520class%253D%2522hotspot%2522%253E%253Cimg%2520src%253D%2522https%253A//s.yimg.com/lq/i/ww/eyc/p.gif%2522%2520height%253D%2522450%2522%2520width%253D%2522450%2522%2520border%253D%25220%2522%2520alt%253D%2522%2522%2520/%253E%253C/a%253E%253C/div%253E%250A%250A%253Cdiv%2520id%253D%2522adlinks%2522%253E%253Cp%253E%253Ca%2520href%253D%2522https%253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXXXXXX/1/*http%253A//info.yahoo.com/relevantads/%2522%2520class%253D%2522can_ad_slug%2522%2520target%253D%2522_blank%2522%253EAdChoices%253C/a%253E%253C/p%253E%253C/div%253E%250A%253C/div%253E%250A%250A%253Cscript%253E%250Afunction%2520addEvent%2528obj%252Caxn%252Cfxn%2529%257Bif%2528window.attachEvent%2529obj.attachEvent%2528%2522on%2522+axn%252Cfxn%2529%253Belse%2520obj.addEventListener%2528axn%252Cfxn%252C0%2529%253B%257D%250Afunction%2520adTRK%2528t%2529%257Bif%2528t%2529%257Bvar%2520i%253Dnew%2520Image%253Bi.onload%253Dfunction%2528%2529%257B%257D%253Bi.src%253Dt%253B%257D%257D%250Afunction%2520ad_init%2528%2529%2520%257B%250A%2509document.getElementById%2528%2522richad%2522%2529.style.backgroundImage%2520%253D%2520%2522url%2528https%253A//s.yimg.com/cv/ae/uns/audience/121227/1440x1024ltodrz9hd.jpg%2529%2522%253B%2520%250A%2509%2509%257D%250AaddEvent%2528window%252C%2522load%2522%252C%2520function%2528%2529%257BsetTimeout%2528ad_init%252C1%2529%253B%257D%2529%253B%250A%253C/script%253E%250A%253C%2521--%2520https%253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXX/2/*http%253A//global.ard.yahoo.com/SIG%253D15ldr6j02/M%253D999999.999999.999999.999999/D%253Dreglsa/S%253D150002534%253ARICH/Y%253DYAHOO/EXP%253D1361860420/L%253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B%253D7MZpAEJe5r0-/J%253D1361853220898291/K%253DWi7lhJRy4.KLSF_ca7oQFA/A%253D6726677066711120005/R%253D1/X%253D6/*%2520--%253E%253C%2521--QYZ%25201603559051%252C3112176051%252C98.138.38.71%253B%253BRICH%253B150002534%253B1%253B--%253E&lowHTML=&hasExternal=false&cscHTML=&en=&behavior=non_exp&hasErr=&aID=6726677066711120005&matchID=999999.999999.999999.999999&bookID=1603559051&serveType=-1&slotID=2&guid=darla%3Arender_1361853218194_79&renderClass=&startTime=1361853218196&a=extSecure&geom=win%253Dt%25253D-9%252526l%25253D-9%252526b%25253D606%252526r%25253D1357%252526w%25253D1366%252526h%25253D615%252526%2526par%253Dt%25253D0%252526l%25253D0%252526r%25253D1345%252526b%25253D594%252526w%25253D1345%252526h%25253D594%252526z%25253Dauto%252526%2526exp%253Dt%25253D0%252526l%25253D0%252526r%25253D0%252526b%25253D0%252526xs%25253D0%252526ys%25253D0%252526w%25253D0%252526h%25253D0%252526%2526self%253Dt%25253D0%252526l%25253D0%252526r%25253D0%252526b%25253D0%252526w%25253D0%252526h%25253D0%252526z%25253D0%252526iv%25253D0%252526xiv%25253D0%252526yiv%25253D0%252526%2526&dm=yahoo.com&id=adFrame&src=https%3A//s.yimg.com/rq/darla/2-4-4/html/ext-render-secure.html&srcHost=https%3A//s.yimg.com&host=https%3A//login.yahoo.com&proxyID=&html5=1&proxyPath=&" to "clean iframeHolder&dest adFrame&w 1920&h 1024&css  2523fc_align 2520 257B 2520width 253A100 2525 253Bmin-width 253A1920px 253Bmargin-left 253Aauto 253Bmargin-right 253Aauto 253Bdisplay 253Ainline-block 253Btext-align 253Acenter 253B 2520 257D&pos RICH&bg transparent&tgt _blank&z 0&supports false&size 1440x1024&fr &html  253C 2521--Property 2520fallback 2520ad-- 253E 2520 250A 253C 2521--Vendor 253A 2520Yahoo 252C 2520Format 253A 2520Login 2520Ad 2520- 2520Static 252C 2520Name 253A 2520Login 2520Ad-- 253E 250A 253Cstyle 253E 250Ahtml 2520 257Bbackground-color 253A 2523ffffff 253B 257D 250Abody 252Cdiv 252Cp 252Ca 2520 257Bmargin 253A0 253Bpadding 253A0 253Boutline 253Anone 253Buser-select 253Anone 253B-moz-user-select 253Anone 253B-khtml-user-select 253Anone 253B 257D 250A.offscrn 257Bclip 253Arect 25280 25200 25200 25200 2529 253Bposition 253Aabsolute 253Btop 253A0 253Bleft 253A0 253Bmargin 253A0 253Bpadding 253A0 253Bfont-size 253A.1em 253B 257D 250A 250A 2523adlinks 2520 257Bposition 253Arelative 253Bwidth 253A400px 253Bmargin 253A0 2520auto 253Bfont 253A11px 2520arial 253Bz-index 253A100 253B 257D 250A 2523adlinks 2520p 2520 257Bposition 253Aabsolute 253Btext-align 253Aright 253Bright 253A90px 253Btop 253A15px 253B 257D 250A 2523adlinks 252C 2523adlinks 2520a 2520 257Bcolor 253A 2523999 253B 257D 250A 2523adlinks 2520a 2520 257Bmargin 253A0 25205px 253Btext-decoration 253Anone 253B 257D 250A.can_ad_slug 257Bpadding 253A0px 252015px 25200px 25200px 253Bbackground 253Aurl 2528 2527https 253A//s.yimg.com/lq/lib/can_interstitial/icons/adchoice_1.4.png 2527 2529 2520no-repeat 2520right 253B 257D 250A 250A 2523richad 257Bheight 253A778px 253Bwidth 253A1440px 253Boverflow 253Ahidden 253Bposition 253Arelative 253Bmargin 253A0 2520auto 253Bbackground-repeat 253Ano-repeat 253Bbackground-position 253Acenter 2520top 253B 257D 250A.hotspot 257Bposition 253Aabsolute 253Bdisplay 253Ablock 253Bz-index 253A10 253Boutline 253Anone 253B 257D 250A.hotspot 2520img 2520 257Bdisplay 253Ablock 253B 257D 250A 250A 250A 2523hotspot_main 257Bz-index 253A9 253Bwidth 253A400px 253Bmargin 253A0 2520auto 253Bposition 253Arelative 253B 257D 250A 2523hotspot_main 2520.hotspot 257Bposition 253Aabsolute 253Bright 253A95px 253Btop 253A40px 253B 257D 250A 250A 253C/style 253E 250A 253Ch1 2520class 253D 2522offscrn 2522 253EADVERTISEMENT 253A 2520Yahoo 2521 2520Mail 2520- 2520Yahoo 2521 2520Mail 253C/h1 253E 250A 250A 253Cdiv 2520id 253D 2522richad 2522 253E 250A 250A 250A 250A 253Cdiv 2520id 253D 2522hotspot_main 2522 253E 253Ca 2520href 253D 2522https 253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXX/1/*http 253A//global.ard.yahoo.com/SIG 253D15ldr6j02/M 253D999999.999999.999999.999999/D 253Dreglsa/S 253D150002534 253ARICH/Y 253DYAHOO/EXP 253D1361860420/L 253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B 253D7MZpAEJe5r0-/J 253D1361853220898291/K 253DWi7lhJRy4.KLSF_ca7oQFA/A 253D6726677066711120005/R 253D0/X 253D6/id 253Dwp_main450bg/SIG 253D111u2frme/*http 253A//overview.mail.yahoo.com/ 2522 2520target 253D 2522_blank 2522 2520class 253D 2522hotspot 2522 253E 253Cimg 2520src 253D 2522https 253A//s.yimg.com/lq/i/ww/eyc/p.gif 2522 2520height 253D 2522450 2522 2520width 253D 2522450 2522 2520border 253D 25220 2522 2520alt 253D 2522 2522 2520/ 253E 253C/a 253E 253C/div 253E 250A 250A 253Cdiv 2520id 253D 2522adlinks 2522 253E 253Cp 253E 253Ca 2520href 253D 2522https 253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXXXXX/1/*http 253A//info.yahoo.com/relevantads/ 2522 2520class 253D 2522can_ad_slug 2522 2520target 253D 2522_blank 2522 253EAdChoices 253C/a 253E 253C/p 253E 253C/div 253E 250A 253C/div 253E 250A 250A 253Cscript 253E 250Afunction 2520addEvent 2528obj 252Caxn 252Cfxn 2529 257Bif 2528window.attachEvent 2529obj.attachEvent 2528 2522on 2522+axn 252Cfxn 2529 253Belse 2520obj.addEventListener 2528axn 252Cfxn 252C0 2529 253B 257D 250Afunction 2520adTRK 2528t 2529 257Bif 2528t 2529 257Bvar 2520i 253Dnew 2520Image 253Bi.onload 253Dfunction 2528 2529 257B 257D 253Bi.src 253Dt 253B 257D 257D 250Afunction 2520ad_init 2528 2529 2520 257B 250A 2509document.getElementById 2528 2522richad 2522 2529.style.backgroundImage 2520 253D 2520 2522url 2528https 253A//s.yimg.com/cv/ae/uns/audience/121227/1440x1024ltodrz9hd.jpg 2529 2522 253B 2520 250A 2509 2509 257D 250AaddEvent 2528window 252C 2522load 2522 252C 2520function 2528 2529 257BsetTimeout 2528ad_init 252C1 2529 253B 257D 2529 253B 250A 253C/script 253E 250A 253C 2521-- 2520https 253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXX/2/*http 253A//global.ard.yahoo.com/SIG 253D15ldr6j02/M 253D999999.999999.999999.999999/D 253Dreglsa/S 253D150002534 253ARICH/Y 253DYAHOO/EXP 253D1361860420/L 253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B 253D7MZpAEJe5r0-/J 253D1361853220898291/K 253DWi7lhJRy4.KLSF_ca7oQFA/A 253D6726677066711120005/R 253D1/X 253D6/* 2520-- 253E 253C 2521--QYZ 25201603559051 252C3112176051 252C98.138.38.71 253B 253BRICH 253B150002534 253B1 253B-- 253E&lowHTML &hasExternal false&cscHTML &en &behavior non_exp&hasErr &aID 6726677066711120005&matchID 999999.999999.999999.999999&bookID 1603559051&serveType -1&slotID 2&guid darla 3Arender_1361853218194_79&renderClass &startTime 1361853218196&a extSecure&geom win 253Dt 25253D-9 252526l 25253D-9 252526b 25253D606 252526r 25253D1357 252526w 25253D1366 252526h 25253D615 252526 2526par 253Dt 25253D0 252526l 25253D0 252526r 25253D1345 252526b 25253D594 252526w 25253D1345 252526h 25253D594 252526z 25253Dauto 252526 2526exp 253Dt 25253D0 252526l 25253D0 252526r 25253D0 252526b 25253D0 252526xs 25253D0 252526ys 25253D0 252526w 25253D0 252526h 25253D0 252526 2526self 253Dt 25253D0 252526l 25253D0 252526r 25253D0 252526b 25253D0 252526w 25253D0 252526h 25253D0 252526z 25253D0 252526iv 25253D0 252526xiv 25253D0 252526yiv 25253D0 252526 2526&dm yahoo.com&id adFrame&src https 3A//s.yimg.com/rq/darla/2-4-4/html/ext-render-secure.html&srcHost https 3A//s.yimg.com&host https 3A//login.yahoo.com&proxyID &html5 1&proxyPath &".

[Tom T.]

For a bit more functionality, you need yahoo.com & yimg.com. For the "sign out" button to even show, you then yahooapis.com.

I don't allow www dot yahoo.com at all. I don't allow yahooapis except temporarily as needed, and I sign out by closing the browser, or if other tabs open and being logged in is bothersome for some reason, just delete the cookies manually. Avoids annoying redirects, not to mention XSS issues.
More restrictive whitelist:

mail.yahoo.com
yimg.com

Perhaps this is why I don't see the message. Is this a possible workaround?

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in /..../login.yahoo.com..../www.yahoo.com

I don't allow login.yahoo.com either, and the login seems to work fine. As mentioned, www dot yahoo also not allowed. Should eliminate this part of the message.

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://us.lrd.yahoo.com/.... 

I don't allow lrd.yahoo.com, and have never seen the need. Another step to take?


O/T: In a PM, Giorgio told me that he has relaxed the filter to the point where he hopes the messages can be posted successfully.

@ yahoo mail user, n/k/a ymu01:

IIUC, the spam filter is more aggressive against guest posters than against registered users. Do you wish to test both this and Giorgio's tweaks to see if you can now post the XSS messages?

[Giorgio Maone]

These are false positive caused by a recent (Gecko 18) change in how the Function.prototype.toSource() method works (it doesn't normalize the source and strip out comments anymore).
I'm looking for work-arounds, thanks.

[ymu01]

Since you mentioned it, I've been doing what you said, Tom - closing my browser after every mail visit.

How do I get NS to show me subdomains and not just top-level domains?




OT: Here's the code again to see if it triggers the spam filter when a regular user is logged in:

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///_ylt=AjzThpeXJovMGgSNaakyTK9hk70X/SIG=14sejbkjh/EXP=1363062801/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US
(function anonymous() {
EXP=1363062801/**http`//login.yahoo.com/config/login`=1%26.direct=2%26.done=http`//www.yahoo.com`;.src=ym` /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://us.lrd.yahoo.com/_ylt=AjzThpeXJovMGgSNaakyTK9hk70X/SIG=14sejbkjh/EXP=1363062801/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US] requested from [http://us.mcXXXX.mail.yahoo.com/mc/welcome?.gx=0&.tm=1361853201&.rand=952kfd0ts3bqv]. Sanitized URL: [http://us.lrd.yahoo.com/_ylt%20AjzThpeXJovMGgSNaakyTK9hk70X/SIG%2014sejbkjh/EXP%201363062801/**http://login.yahoo.com/config/login%3Flogout%201&.direct%202&.done%20http://www.yahoo.com&.src%20ym&.intl%20us&.lang%20en-US#8053796949080491876].

Code: Select all

[NoScript InjectionChecker] HTML injection:
<style
matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:e(?:rror(?:update)?|nd)|c(?:o(?:nt(?:extmenu|rolselect)|py)|ut|lick|(?:ellc)?hange)|m(?:o(?:ve(?:end|start)?|use(?:o(?:ut|ver)|up|(?:mo|lea)ve|down|wheel|enter))|essage)|lo(?:ad|secapture)|d(?:r(?:ag(?:en(?:d|ter)|drop|over|leave|start)?|op)|ata(?:setc(?:hanged|omplete)|available)|blclick|eactivate)|s(?:t(?:op|art)|elect(?:start)?|croll|ubmit)|b(?:e(?:for(?:e(?:c(?:ut|opy)|p(?:aste|rint)|u(?:pdate|nload)|activate|editfocus)|deactivate)|gin)|lur|ounce)|p(?:ast|ropertychang)e|key(?:up|down|press)|f(?:o(?:cus(?:in|out)?|rm(?:input|change))|i(?:nish|lterchange))|in(?:put|valid)|a(?:fter(?:print|update)|bort|ctivate)|r(?:e(?:s(?:et|ize)|peat|adystatechange)|ow(?:e(?:xit|nter)|s(?:delete|inserted)))|zoom|help|unload))[\s\x08]*=

Code: Select all

[NoScript XSS]: sanitized window.name, "clean=iframeHolder&dest=adFrame&w=1920&h=1024&css=%2523fc_align%2520%257B%2520width%253A100%2525%253Bmin-width%253A1920px%253Bmargin-left%253Aauto%253Bmargin-right%253Aauto%253Bdisplay%253Ainline-block%253Btext-align%253Acenter%253B%2520%257D&pos=RICH&bg=transparent&tgt=_blank&z=0&supports=false&size=1440x1024&fr=&html=%253C%2521--Property%2520fallback%2520ad--%253E%2520%250A%253C%2521--Vendor%253A%2520Yahoo%252C%2520Format%253A%2520Login%2520Ad%2520-%2520Static%252C%2520Name%253A%2520Login%2520Ad--%253E%250A%253Cstyle%253E%250Ahtml%2520%257Bbackground-color%253A%2523ffffff%253B%257D%250Abody%252Cdiv%252Cp%252Ca%2520%257Bmargin%253A0%253Bpadding%253A0%253Boutline%253Anone%253Buser-select%253Anone%253B-moz-user-select%253Anone%253B-khtml-user-select%253Anone%253B%257D%250A.offscrn%257Bclip%253Arect%25280%25200%25200%25200%2529%253Bposition%253Aabsolute%253Btop%253A0%253Bleft%253A0%253Bmargin%253A0%253Bpadding%253A0%253Bfont-size%253A.1em%253B%257D%250A%250A%2523adlinks%2520%257Bposition%253Arelative%253Bwidth%253A400px%253Bmargin%253A0%2520auto%253Bfont%253A11px%2520arial%253Bz-index%253A100%253B%257D%250A%2523adlinks%2520p%2520%257Bposition%253Aabsolute%253Btext-align%253Aright%253Bright%253A90px%253Btop%253A15px%253B%257D%250A%2523adlinks%252C%2523adlinks%2520a%2520%257Bcolor%253A%2523999%253B%257D%250A%2523adlinks%2520a%2520%257Bmargin%253A0%25205px%253Btext-decoration%253Anone%253B%257D%250A.can_ad_slug%257Bpadding%253A0px%252015px%25200px%25200px%253Bbackground%253Aurl%2528%2527https%253A//s.yimg.com/lq/lib/can_interstitial/icons/adchoice_1.4.png%2527%2529%2520no-repeat%2520right%253B%257D%250A%250A%2523richad%257Bheight%253A778px%253Bwidth%253A1440px%253Boverflow%253Ahidden%253Bposition%253Arelative%253Bmargin%253A0%2520auto%253Bbackground-repeat%253Ano-repeat%253Bbackground-position%253Acenter%2520top%253B%257D%250A.hotspot%257Bposition%253Aabsolute%253Bdisplay%253Ablock%253Bz-index%253A10%253Boutline%253Anone%253B%257D%250A.hotspot%2520img%2520%257Bdisplay%253Ablock%253B%257D%250A%250A%250A%2523hotspot_main%257Bz-index%253A9%253Bwidth%253A400px%253Bmargin%253A0%2520auto%253Bposition%253Arelative%253B%257D%250A%2523hotspot_main%2520.hotspot%257Bposition%253Aabsolute%253Bright%253A95px%253Btop%253A40px%253B%257D%250A%250A%253C/style%253E%250A%253Ch1%2520class%253D%2522offscrn%2522%253EADVERTISEMENT%253A%2520Yahoo%2521%2520Mail%2520-%2520Yahoo%2521%2520Mail%253C/h1%253E%250A%250A%253Cdiv%2520id%253D%2522richad%2522%253E%250A%250A%250A%250A%253Cdiv%2520id%253D%2522hotspot_main%2522%253E%253Ca%2520href%253D%2522https%253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXX/1/*http%253A//global.ard.yahoo.com/SIG%253D15ldr6j02/M%253D999999.999999.999999.999999/D%253Dreglsa/S%253D150002534%253ARICH/Y%253DYAHOO/EXP%253D1361860420/L%253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B%253D7MZpAEJe5r0-/J%253D1361853220898291/K%253DWi7lhJRy4.KLSF_ca7oQFA/A%253D6726677066711120005/R%253D0/X%253D6/id%253Dwp_main450bg/SIG%253D111u2frme/*http%253A//overview.mail.yahoo.com/%2522%2520target%253D%2522_blank%2522%2520class%253D%2522hotspot%2522%253E%253Cimg%2520src%253D%2522https%253A//s.yimg.com/lq/i/ww/eyc/p.gif%2522%2520height%253D%2522450%2522%2520width%253D%2522450%2522%2520border%253D%25220%2522%2520alt%253D%2522%2522%2520/%253E%253C/a%253E%253C/div%253E%250A%250A%253Cdiv%2520id%253D%2522adlinks%2522%253E%253Cp%253E%253Ca%2520href%253D%2522https%253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXXXXXX/1/*http%253A//info.yahoo.com/relevantads/%2522%2520class%253D%2522can_ad_slug%2522%2520target%253D%2522_blank%2522%253EAdChoices%253C/a%253E%253C/p%253E%253C/div%253E%250A%253C/div%253E%250A%250A%253Cscript%253E%250Afunction%2520addEvent%2528obj%252Caxn%252Cfxn%2529%257Bif%2528window.attachEvent%2529obj.attachEvent%2528%2522on%2522+axn%252Cfxn%2529%253Belse%2520obj.addEventListener%2528axn%252Cfxn%252C0%2529%253B%257D%250Afunction%2520adTRK%2528t%2529%257Bif%2528t%2529%257Bvar%2520i%253Dnew%2520Image%253Bi.onload%253Dfunction%2528%2529%257B%257D%253Bi.src%253Dt%253B%257D%257D%250Afunction%2520ad_init%2528%2529%2520%257B%250A%2509document.getElementById%2528%2522richad%2522%2529.style.backgroundImage%2520%253D%2520%2522url%2528https%253A//s.yimg.com/cv/ae/uns/audience/121227/1440x1024ltodrz9hd.jpg%2529%2522%253B%2520%250A%2509%2509%257D%250AaddEvent%2528window%252C%2522load%2522%252C%2520function%2528%2529%257BsetTimeout%2528ad_init%252C1%2529%253B%257D%2529%253B%250A%253C/script%253E%250A%253C%2521--%2520https%253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXX/2/*http%253A//global.ard.yahoo.com/SIG%253D15ldr6j02/M%253D999999.999999.999999.999999/D%253Dreglsa/S%253D150002534%253ARICH/Y%253DYAHOO/EXP%253D1361860420/L%253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B%253D7MZpAEJe5r0-/J%253D1361853220898291/K%253DWi7lhJRy4.KLSF_ca7oQFA/A%253D6726677066711120005/R%253D1/X%253D6/*%2520--%253E%253C%2521--QYZ%25201603559051%252C3112176051%252C98.138.38.71%253B%253BRICH%253B150002534%253B1%253B--%253E&lowHTML=&hasExternal=false&cscHTML=&en=&behavior=non_exp&hasErr=&aID=6726677066711120005&matchID=999999.999999.999999.999999&bookID=1603559051&serveType=-1&slotID=2&guid=darla%3Arender_1361853218194_79&renderClass=&startTime=1361853218196&a=extSecure&geom=win%253Dt%25253D-9%252526l%25253D-9%252526b%25253D606%252526r%25253D1357%252526w%25253D1366%252526h%25253D615%252526%2526par%253Dt%25253D0%252526l%25253D0%252526r%25253D1345%252526b%25253D594%252526w%25253D1345%252526h%25253D594%252526z%25253Dauto%252526%2526exp%253Dt%25253D0%252526l%25253D0%252526r%25253D0%252526b%25253D0%252526xs%25253D0%252526ys%25253D0%252526w%25253D0%252526h%25253D0%252526%2526self%253Dt%25253D0%252526l%25253D0%252526r%25253D0%252526b%25253D0%252526w%25253D0%252526h%25253D0%252526z%25253D0%252526iv%25253D0%252526xiv%25253D0%252526yiv%25253D0%252526%2526&dm=yahoo.com&id=adFrame&src=https%3A//s.yimg.com/rq/darla/2-4-4/html/ext-render-secure.html&srcHost=https%3A//s.yimg.com&host=https%3A//login.yahoo.com&proxyID=&html5=1&proxyPath=&" to "clean iframeHolder&dest adFrame&w 1920&h 1024&css  2523fc_align 2520 257B 2520width 253A100 2525 253Bmin-width 253A1920px 253Bmargin-left 253Aauto 253Bmargin-right 253Aauto 253Bdisplay 253Ainline-block 253Btext-align 253Acenter 253B 2520 257D&pos RICH&bg transparent&tgt _blank&z 0&supports false&size 1440x1024&fr &html  253C 2521--Property 2520fallback 2520ad-- 253E 2520 250A 253C 2521--Vendor 253A 2520Yahoo 252C 2520Format 253A 2520Login 2520Ad 2520- 2520Static 252C 2520Name 253A 2520Login 2520Ad-- 253E 250A 253Cstyle 253E 250Ahtml 2520 257Bbackground-color 253A 2523ffffff 253B 257D 250Abody 252Cdiv 252Cp 252Ca 2520 257Bmargin 253A0 253Bpadding 253A0 253Boutline 253Anone 253Buser-select 253Anone 253B-moz-user-select 253Anone 253B-khtml-user-select 253Anone 253B 257D 250A.offscrn 257Bclip 253Arect 25280 25200 25200 25200 2529 253Bposition 253Aabsolute 253Btop 253A0 253Bleft 253A0 253Bmargin 253A0 253Bpadding 253A0 253Bfont-size 253A.1em 253B 257D 250A 250A 2523adlinks 2520 257Bposition 253Arelative 253Bwidth 253A400px 253Bmargin 253A0 2520auto 253Bfont 253A11px 2520arial 253Bz-index 253A100 253B 257D 250A 2523adlinks 2520p 2520 257Bposition 253Aabsolute 253Btext-align 253Aright 253Bright 253A90px 253Btop 253A15px 253B 257D 250A 2523adlinks 252C 2523adlinks 2520a 2520 257Bcolor 253A 2523999 253B 257D 250A 2523adlinks 2520a 2520 257Bmargin 253A0 25205px 253Btext-decoration 253Anone 253B 257D 250A.can_ad_slug 257Bpadding 253A0px 252015px 25200px 25200px 253Bbackground 253Aurl 2528 2527https 253A//s.yimg.com/lq/lib/can_interstitial/icons/adchoice_1.4.png 2527 2529 2520no-repeat 2520right 253B 257D 250A 250A 2523richad 257Bheight 253A778px 253Bwidth 253A1440px 253Boverflow 253Ahidden 253Bposition 253Arelative 253Bmargin 253A0 2520auto 253Bbackground-repeat 253Ano-repeat 253Bbackground-position 253Acenter 2520top 253B 257D 250A.hotspot 257Bposition 253Aabsolute 253Bdisplay 253Ablock 253Bz-index 253A10 253Boutline 253Anone 253B 257D 250A.hotspot 2520img 2520 257Bdisplay 253Ablock 253B 257D 250A 250A 250A 2523hotspot_main 257Bz-index 253A9 253Bwidth 253A400px 253Bmargin 253A0 2520auto 253Bposition 253Arelative 253B 257D 250A 2523hotspot_main 2520.hotspot 257Bposition 253Aabsolute 253Bright 253A95px 253Btop 253A40px 253B 257D 250A 250A 253C/style 253E 250A 253Ch1 2520class 253D 2522offscrn 2522 253EADVERTISEMENT 253A 2520Yahoo 2521 2520Mail 2520- 2520Yahoo 2521 2520Mail 253C/h1 253E 250A 250A 253Cdiv 2520id 253D 2522richad 2522 253E 250A 250A 250A 250A 253Cdiv 2520id 253D 2522hotspot_main 2522 253E 253Ca 2520href 253D 2522https 253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXX/1/*http 253A//global.ard.yahoo.com/SIG 253D15ldr6j02/M 253D999999.999999.999999.999999/D 253Dreglsa/S 253D150002534 253ARICH/Y 253DYAHOO/EXP 253D1361860420/L 253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B 253D7MZpAEJe5r0-/J 253D1361853220898291/K 253DWi7lhJRy4.KLSF_ca7oQFA/A 253D6726677066711120005/R 253D0/X 253D6/id 253Dwp_main450bg/SIG 253D111u2frme/*http 253A//overview.mail.yahoo.com/ 2522 2520target 253D 2522_blank 2522 2520class 253D 2522hotspot 2522 253E 253Cimg 2520src 253D 2522https 253A//s.yimg.com/lq/i/ww/eyc/p.gif 2522 2520height 253D 2522450 2522 2520width 253D 2522450 2522 2520border 253D 25220 2522 2520alt 253D 2522 2522 2520/ 253E 253C/a 253E 253C/div 253E 250A 250A 253Cdiv 2520id 253D 2522adlinks 2522 253E 253Cp 253E 253Ca 2520href 253D 2522https 253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXXXXXXXXXXX/1/*http 253A//info.yahoo.com/relevantads/ 2522 2520class 253D 2522can_ad_slug 2522 2520target 253D 2522_blank 2522 253EAdChoices 253C/a 253E 253C/p 253E 253C/div 253E 250A 253C/div 253E 250A 250A 253Cscript 253E 250Afunction 2520addEvent 2528obj 252Caxn 252Cfxn 2529 257Bif 2528window.attachEvent 2529obj.attachEvent 2528 2522on 2522+axn 252Cfxn 2529 253Belse 2520obj.addEventListener 2528axn 252Cfxn 252C0 2529 253B 257D 250Afunction 2520adTRK 2528t 2529 257Bif 2528t 2529 257Bvar 2520i 253Dnew 2520Image 253Bi.onload 253Dfunction 2528 2529 257B 257D 253Bi.src 253Dt 253B 257D 257D 250Afunction 2520ad_init 2528 2529 2520 257B 250A 2509document.getElementById 2528 2522richad 2522 2529.style.backgroundImage 2520 253D 2520 2522url 2528https 253A//s.yimg.com/cv/ae/uns/audience/121227/1440x1024ltodrz9hd.jpg 2529 2522 253B 2520 250A 2509 2509 257D 250AaddEvent 2528window 252C 2522load 2522 252C 2520function 2528 2529 257BsetTimeout 2528ad_init 252C1 2529 253B 257D 2529 253B 250A 253C/script 253E 250A 253C 2521-- 2520https 253A//clicks.beap.bc.yahoo.com/yc/XXXXXXXXXXXXXX/2/*http 253A//global.ard.yahoo.com/SIG 253D15ldr6j02/M 253D999999.999999.999999.999999/D 253Dreglsa/S 253D150002534 253ARICH/Y 253DYAHOO/EXP 253D1361860420/L 253D4padetG_eirnbpkLUON8ugW1vj4mmFEsOyQADGmd/B 253D7MZpAEJe5r0-/J 253D1361853220898291/K 253DWi7lhJRy4.KLSF_ca7oQFA/A 253D6726677066711120005/R 253D1/X 253D6/* 2520-- 253E 253C 2521--QYZ 25201603559051 252C3112176051 252C98.138.38.71 253B 253BRICH 253B150002534 253B1 253B-- 253E&lowHTML &hasExternal false&cscHTML &en &behavior non_exp&hasErr &aID 6726677066711120005&matchID 999999.999999.999999.999999&bookID 1603559051&serveType -1&slotID 2&guid darla 3Arender_1361853218194_79&renderClass &startTime 1361853218196&a extSecure&geom win 253Dt 25253D-9 252526l 25253D-9 252526b 25253D606 252526r 25253D1357 252526w 25253D1366 252526h 25253D615 252526 2526par 253Dt 25253D0 252526l 25253D0 252526r 25253D1345 252526b 25253D594 252526w 25253D1345 252526h 25253D594 252526z 25253Dauto 252526 2526exp 253Dt 25253D0 252526l 25253D0 252526r 25253D0 252526b 25253D0 252526xs 25253D0 252526ys 25253D0 252526w 25253D0 252526h 25253D0 252526 2526self 253Dt 25253D0 252526l 25253D0 252526r 25253D0 252526b 25253D0 252526w 25253D0 252526h 25253D0 252526z 25253D0 252526iv 25253D0 252526xiv 25253D0 252526yiv 25253D0 252526 2526&dm yahoo.com&id adFrame&src https 3A//s.yimg.com/rq/darla/2-4-4/html/ext-render-secure.html&srcHost https 3A//s.yimg.com&host https 3A//login.yahoo.com&proxyID &html5 1&proxyPath &".

[Tom T.]

How do I get NS to show me subdomains and not just top-level domains?

By searching the NoScript "Features" Page page for "configure appearance", which has links to screenshots as well.

Looks like your code posted OK, so perhaps Giorgio's tweaks to the filter worked. If I have time, perhaps I'll try it as a guest user.

[Giorgio Maone]

These are false positive caused by a recent (Gecko 18) change in how the Function.prototype.toSource() method works (it doesn't normalize the source and strip out comments anymore).
I'm looking for work-arounds, thanks.

Fixed in latest development build 2.6.5.9rc1, thanks.

[Tom T. Guest Account]

Testing whether the spam filter now allows guest users to post XSS messages:

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in ///_ylt=AjzThpeXJovMGgSNaakyTK9hk70X/SIG=14sejbkjh/EXP=1363062801/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US
(function anonymous() {
EXP=1363062801/**http`//login.yahoo.com/config/login`=1%26.direct=2%26.done=http`//www.yahoo.com`;.src=ym` /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

Code: Select all

[NoScript XSS] Sanitized suspicious request. Original URL [http://us.lrd.yahoo.com/_ylt=AjzThpeXJovMGgSNaakyTK9hk70X/SIG=14sejbkjh/EXP=1363062801/**http%3A//login.yahoo.com/config/login%3Flogout=1%26.direct=2%26.done=http%3A//www.yahoo.com%26amp;.src=ym%26amp;.intl=us%26amp;.lang=en-US] requested from [http://us.mcXXXX.mail.yahoo.com/mc/welcome?.gx=0&.tm=1361853201&.rand=952kfd0ts3bqv]. Sanitized URL: [http://us.lrd.yahoo.com/_ylt%20AjzThpeXJovMGgSNaakyTK9hk70X/SIG%2014sejbkjh/EXP%201363062801/**http://login.yahoo.com/config/login%3Flogout%201&.direct%202&.done%20http://www.yahoo.com&.src%20ym&.intl%20us&.lang%20en-US#8053796949080491876].

Code: Select all

[NoScript InjectionChecker] HTML injection:
<style
matches <[^\w<>]*(?:[^<>"'\s]*:)?[^\w<>]*(?:\W*s\W*c\W*r\W*i\W*p\W*t|\W*f\W*o\W*r\W*m|\W*s\W*t\W*y\W*l\W*e|\W*s\W*v\W*g|\W*m\W*a\W*r\W*q\W*u\W*e\W*e|(?:\W*l\W*i\W*n\W*k|\W*o\W*b\W*j\W*e\W*c\W*t|\W*e\W*m\W*b\W*e\W*d|\W*a\W*p\W*p\W*l\W*e\W*t|\W*p\W*a\W*r\W*a\W*m|\W*i?\W*f\W*r\W*a\W*m\W*e|\W*b\W*a\W*s\W*e|\W*b\W*o\W*d\W*y|\W*m\W*e\W*t\W*a|\W*i\W*m\W*a?\W*g\W*e?|\W*v\W*i\W*d\W*e\W*o|\W*a\W*u\W*d\W*i\W*o|\W*b\W*i\W*n\W*d\W*i\W*n\W*g\W*s|\W*s\W*e\W*t|\W*a\W*n\W*i\W*m\W*a\W*t\W*e)[^>\w])|(?:<\w[\s\S]*[\s\/]|['"](?:[\s\S]*[\s\/])?)(?:formaction|style|background|src|lowsrc|ping|on(?:e(?:rror(?:update)?|nd)|c(?:o(?:nt(?:extmenu|rolselect)|py)|ut|lick|(?:ellc)?hange)|m(?:o(?:ve(?:end|start)?|use(?:o(?:ut|ver)|up|(?:mo|lea)ve|down|wheel|enter))|essage)|lo(?:ad|secapture)|d(?:r(?:ag(?:en(?:d|ter)|drop|over|leave|start)?|op)|ata(?:setc(?:hanged|omplete)|available)|blclick|eactivate)|s(?:t(?:op|art)|elect(?:start)?|croll|ubmit)|b(?:e(?:for(?:e(?:c(?:ut|opy)|p(?:aste|rint)|u(?:pdate|nload)|activate|editfocus)|deactivate)|gin)|lur|ounce)|p(?:ast|ropertychang)e|key(?:up|down|press)|f(?:o(?:cus(?:in|out)?|rm(?:input|change))|i(?:nish|lterchange))|in(?:put|valid)|a(?:fter(?:print|update)|bort|ctivate)|r(?:e(?:s(?:et|ize)|peat|adystatechange)|ow(?:e(?:xit|nter)|s(?:delete|inserted)))|zoom|help|unload))[\s\x08]*=

If the post goes through, then it does.