Bank of America Logging Me Out Without JS?

Ask for help about NoScript, no registration needed to post
therube
Ambassador
Posts: 7969
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Post by therube »

Bank of America is now Logging Me Out (actually displaying a timeout message & then actually redirecting to its home page) - Without JS?

Something new (on their end)?
Or something old, aka Mozilla & or NoScript?

SeaMonkey 2.25 (aka FF 28) & NoScript 2.6.8.19rc2


(Normally, regularly, I'd use JS when needed, then disable it. All open BoA pages would remain as they were last, indefinitely.)


https://secure.bankofamerica.com/myaccounts/sec-redirect/signoff.go?source=billpay&timeout=Y

Code:

https://secure.bankofamerica.com/myaccounts/sec-redirect/signoff.go?
https://secure.bankofamerica.com/myaccounts/sec-redirect/signoff-default
https://secure.bankofamerica.com/myaccounts/sec-redirect/signoff.go?pinged=Y

I don't care (& expect) the actual logging out, though I do care about the redirecting away from any screens I'd specifically wanted left open.


Is, has been, enabled: noscript.forbidMetaRefresh;true


Part of the code:

Code:

<script type="text/javascript">
var SessionTimeout = {
TIMEOUT_WARNING_MESSAGE_1  : "For your safety and protection your Online Banking session is about to be timed out if there is no additional activity.",
TIMEOUT_WARNING_MESSAGE_2  : "If you are still working in your Online Banking session simply click OK to continue.",
TITLE_SIGNOFF              : "Bank of America | Online Banking | Automatic Sign Off Alert",
SECURITY_MESSAGE           : "Security Message",
REDIRECT_NOW               : "Redirect now...",
TIMEOUT_MESSAGE            : "For your safety and protection your Online Banking session has been timed out due to inactivity.\n\nThis timeout provides reassurance for your Online Banking safety.\n\nYou must sign in again to resume using your Online Banking.",
imgPath                    : "/sbp/0204b/images/",
timeoutWarningMilliseconds : 18 * 60000,
timeoutSignoutMilliseconds : 2 * 60000,
timerIdWarning             : null,
timerIdSignout             : null,
signoutUrl                 : "wps?rq=so&timeoutso=y&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",
resetUrl                   : "wps?rq=timeout&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",
IFrameTimeObj              : null,
popupBlocked               : false,
timeoutWarningDiv          : null,
//timeoutWarningIFrame       : null,
popupStylePosition         : ""
};
SessionTimeout.init = function() {
if (SessionTimeout.timeoutWarningMilliseconds > 0) {
SessionTimeout.set();
}
};
SessionTimeout.set = function() {
SessionTimeout.timerIdWarning = setTimeout(SessionTimeout.displayWarning, SessionTimeout.timeoutWarningMilliseconds);
SessionTimeout.timerIdSignout = setTimeout(SessionTimeout.signOut, SessionTimeout.timeoutWarningMilliseconds + SessionTimeout.timeoutSignoutMilliseconds);
};
...

Perhaps only affecting Online Billpay (rather than Online Banking).
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 SeaMonkey/2.25

Post by therube »

Pretty sure we've got a regression here.
(2.6.8.17rc1 doesn't exhibit the behavior.)
[I have not checked the FF end.]
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 SeaMonkey/2.25
Giorgio Maone
Site Admin
Posts: 9526
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Post by Giorgio Maone »

What message do you get exactly?
Is this an alert box, or a web page?
Could you send me your NoScript Options|Export file?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

Post by therube »

Two pages that did timeout:

Image

Image

Two pages that have not (yet?):

Image

Image

Win7, latest Aurora 2.26a2 20140317013001, NoScript 2.6.8.19rc2
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a2

Post by therube »

And one of those two windows just fired:

Image
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a2

Post by therube »

Options from some dummy Profile, so don't really know what is or is not set?
I did specifically set Forbid META redirections & noscript.autoReload.allTabs;false prior to loading BoA.

Code:

{"prefs":{
"autoReload.embedders":1,
"alwaysShowObjectSources":false,
"filterXGetUserRx":"",
"subscription.lastCheck":-77439019,
"proxiedDNS":0,
"forbidActiveContentParentTrustCheck":true,
"surrogate.enabled":true,
"subscription.untrustedURL":"",
"surrogate.uniblue.sources":"!@.uniblue.com .liutilities.com",
"globalwarning":true,
"forbidExtProtSubdocs":true,
"surrogate.addthis.sources":"s7.addthis.com/*addthis_widget.js",
"surrogate.imagebam.sources":"!@*.imagebam.com",
"sound":false,
"placeholderCollapseOnClose":false,
"surrogate.twitter.replacement":"twttr=(function(){var f=arguments.callee;return f.__noSuchMethod__=f.events=f.anywhere=f})();",
"untrustedGranularity":3,
"filterXExceptions.readability":true,
"forbidXBL":1,
"autoReload.useHistory.exceptCurrent":true,
"forbidBookmarklets":false,
"forbidXSLT":true,
"showPermanent":true,
"hoverUI.delayExit1":250,
"statusLabel":false,
"showPlaceholder":true,
"surrogate.ab_bidvertiser.replacement":"report_error=function(){}",
"notify.hidePermanent":true,
"eraseFloatingElements":true,
"showGlobal":true,
"surrogate.popunder.exceptions":".meebo.com",
"forbidMedia":true,
"allowLocalLinks":false,
"secureCookiesExceptions":"",
"trustEV":false,
"ABE.notify.namedLoopback":false,
"clearClick.plugins":true,
"surrogate.glinks.sources":"!@^https?://[^/]+google\\..*/search",
"alwaysBlockUntrustedContent":true,
"nselNever":false,
"consoleDump":0,
"ABE.wanIpCheckURL":"https://secure.informaction.com/ipecho/",
"STS.expertErrorUI":false,
"jsredirectIgnore":false,
"cp.last":true,
"showDistrust":true,
"sound.block":"chrome://noscript/skin/block.wav",
"xss.notify.subframes":true,
"showRecentlyBlocked":true,
"fixURI":true,
"subscription.checkInterval":24,
"surrogate.picbucks.replacement":"for each(let s in document.getElementsByTagName('script')) { let m = s.textContent.match(/(?:Lbjs\\.TargetUrl\\s*=\\s*|Array\\s*\\().*(\\bhttp[^'\"]*)/); if (m) { location.href = m[1]; break; } }",
"flashPatch":true,
"allowClipboard":false,
"placeholderMinSize":32,
"surrogate.360Haven.sources":"@www.360haven.com",
"inclusionTypeChecking.exceptions":"https://scache.vzw.com/ http://cache.vzw.com .sony-europe.com .amazonaws.com lesscss.googlecode.com/files/ .hp-ww.com .yandex.st",
"surrogate.adagionet.sources":".adagionet.com",
"showDomain":false,
"placesPrefs":false,
"forbidBGRefresh":1,
"inclusionTypeChecking":true,
"forbidData":true,
"removeSMILKeySniffer":true,
"dropXssProtection":true,
"httpsForced":"",
"xss.trustTemp":true,
"forbidJava":true,
"autoReload.allTabsOnPageAction":true,
"surrogate.facebook_connect.sources":"connect.facebook.net/en_US/all.js",
"allowURLBarJS":false,
"filterXExceptions.deviantart":true,
"showUntrustedPlaceholder":true,
"surrogate.adagionet.replacement":"adagioWriteTag=adagioWriteBanner=function(){}",
"surrogate.plusone.replacement":"gapi=(function(){var f=arguments.callee;return f.__noSuchMethod__=f.plusone=f;})();",
"STS.enabled":true,
"surrogate.ab_adsense.replacement":"gaGlobal={}",
"urivalid.mailto":"[^\\x00-\\x08\\x0b\\x0c\\x0e-\\x1f]*",
"surrogate.adriver.replacement":"if(top!==self&&top.location.href===location.href)setTimeout('try{document.close();}catch(e){}',100)",
"jsredirectForceShow":false,
"filterXExceptions.livejournal":true,
"clearClick.rapidFireCheck":true,
"forbidSilverlight":true,
"hoverUI.delayEnter":250,
"forbidXHR":1,
"collapseObject":false,
"surrogate.interstitialBox.replacement":"__defineSetter__('interstitialBox',function(){});__defineGetter__('interstitialBox',function(){return{}})",
"surrogate.skimlinks.replacement":"window.skimlinks=function(){}",
"keys.ui":"ctrl shift S",
"surrogate.dimtus.replacement":"document.querySelector('.overlay_ad').style.display='none'",
"confirmUnsafeReload":true,
"clearClick.prompt":true,
"ef.enabled":false,
"clearClick.debug":false,
"forbidIFramesParentTrustCheck":true,
"showAbout":true,
"lockPrivilegedUI":false,
"frameOptions.enabled":true,
"surrogate.ab_adtiger.replacement":"adspirit_pid={}",
"urivalid.aim":"\\w[^\\\\\\?&\\x00-\\x1f#]*(?:\\?[^\\\\\\x00-\\x1f#]*(?:#[\\w\\-\\.\\+@]{2,32})?)?",
"compat.evernote":true,
"sync.enabled":false,
"surrogate.picbucks.sources":"!*.picbucks.com  http://www.imagebax.com/show.php/*",
"surrogate.popunder.replacement":"(function(){var unloading=false;addEventListener('pagehide',function(){unloading=true;setTimeout(function(){unloading=false},100)},true);var cookie=document.__proto__.__lookupGetter__('cookie');document.__proto__.__defineGetter__('cookie',function() {if(unloading)return cookie.apply(this);var c='; popunder=yes; popundr=yes; setover18=1';return(cookie.apply(this).replace(c,'')+c).replace(/^; /, '')});var fid='_FID_'+(Date.now().toString(16));var open=window.__proto__.open;window.__proto__.open=function(url,target,features){try{if(!(/^_(?:top|parent|self)$/i.test(target)||target in frames)){var suspSrc,suspCall,ff=[],ss=new Error().stack.split('\\n').length;if(/popunde?r/i.test(target))return ko();for(var f,ev,aa=arguments;stackSize-->2&&aa.callee&&(f=aa.callee.caller)&&ff.indexOf(f)<0;ff.push(f)){aa=f.arguments;if(!aa)break;ev=aa[0];suspCall=f.name=='doPopUnder';if(!suspSrc)suspSrc=suspCall||/(?:\\bpopunde?r|\\bfocus\\b.*\\bblur|\\bblur\\b.*\\bfocus|[pP]uShown)\\b/.test(f.toSource());if(suspCall||ev&&typeof ev=='object'&&('type' in ev)&&ev.type=='click'&&ev.button===0&&(ev.currentTarget===document||('tagName' in ev.currentTarget)&&'body'==ev.currentTarget.tagName.toLowerCase())&&!(('href' in ev.target)&&ev.target.href&&(ev.target.href.indexOf(url)===0||url.indexOf(ev.target.href)===0))){if(suspSrc)return ko();}}}}catch(e){}return open.apply(null, arguments);function ko(){var fr=document.getElementById(fid)||document.body.appendChild(document.createElement('iframe'));fr.id=fid;fr.src='data:text/html,';fr.style.display='none';var w=fr.contentWindow;w.blur=function(){};return w;}}})()",
"doNotTrack.forced":"",
"surrogate.imdb.sources":"@*.imdb.com/video/*",
"forbidBGRefresh.exceptions":".mozilla.org",
"truncateTitleLen":255,
"surrogate.revsci.replacement":"rsinetsegs=[];DM_addEncToLoc=DM_tag=function(){};",
"surrogate.ab_adtiger.sources":"^http://ads\\.adtiger\\.",
"contentBlocker":false,
"ABE.enabled":true,
"surrogate.ab_adscale.sources":"js.adscale.de",
"hoverUI.excludeToggling":true,
"allowHttpsOnly":0,
"fixURI.exclude":"",
"logDNS":false,
"ignorePorts":true,
"filterXExceptions.yt_comments":true,
"showBaseDomain":true,
"surrogate.uniblue.replacement":"for each(let l in document.links)if(/^https:\\/\\/store\\./.test(l.href)){l.setAttribute('href',l.href.replace(/.*?:/, ''));l.parentNode.replaceChild(l,l)}",
"xss.trustReloads":false,
"filterXExceptions.yahoo":true,
"filterXExceptions.fbconnect":true,
"secureCookies":false,
"recentlyBlockedCount":10,
"jsredirectFollow":false,
"showTempAllowPage":true,
"allowCachingObjects":true,
"showBlankSources":false,
"filterXExceptions.visa":true,
"smartClickToPlay":true,
"emulateFrameBreak":true,
"hoverUI.delayExit2":300,
"filterXExceptions.lycosmail":true,
"toggle.temp":true,
"surrogate.twitter.sources":"platform.twitter.com",
"allowBookmarkletImports":true,
"showBlockedObjects":true,
"clearClick":3,
"allowedMimeRegExp":"",
"surrogate.imagehaven.replacement":"['agreeCont','TransparentBlack'].forEach(function(id){var o=document.getElementById(id);if(o)o.style.display='none'})",
"oldStylePartial":false,
"audioApiInterception":true,
"forbidMetaRefresh.remember":false,
"hoverUI":true,
"surrogate.dimtus.sources":"!@^http://(?:dimtus|imageteam)\\.(?:com|org)/img-",
"surrogate.digg.replacement":"window.location.href=document.querySelector('link[rel=canonical]').href",
"forbidIFrames":false,
"xss.notify":true,
"docShellJSBlocking":1,
"xss.checkInclusions.exceptions":"intensedebate.com/idc/js/",
"surrogate.nscookie.sources":"@*.facebook.com",
"filterXExceptions.ggadgets":true,
"notify.bottom":true,
"surrogate.adriver.sources":"ad.adriver.ru/cgi-bin/erle.cgi",
"xss.trustData":true,
"placeholderLongTip":true,
"doNotTrack.enabled":true,
"menuAccelerators":false,
"allowBookmarks":false,
"surrogate.adfly.sources":"@^https?://adf.ly/\\d+/",
"secureCookiesForced":"",
"noping":true,
"showAddress":false,
"frameOptions.parentWhitelist":"https://mail.google.com/*",
"filterXGetRx":"<+(?=[^<>=\\-\\d\\. /\\(])|[\\\\\"\\x00-\\x07\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F]",
"global":false,
"secureCookies.recycle":false,
"ABE.skipBrowserRequests":true,
"showTempToPerm":true,
"stickyUI.onKeyboard":true,
"surrogate.qs.replacement":"window.quantserve=function(){}",
"surrogate.modpagespeed.sources":"!@^https?:",
"liveConnectInterception":true,
"filterXPost":true,
"fixLinks":true,
"canonicalFQDN":false,
"keys.revokeTemp":"",
"ABE.notify":true,
"allowURLBarImports":false,
"subscription.trustedURL":"",
"keys.toggle":"ctrl shift VK_BACK_SLASH.|",
"surrogate.yieldman.replacement":"rmAddKey=rmAddCustomKey=rmShowAd=rmShowPop=rmShowInterstitial=rmGetQueryParameters=rmGetSize=rmGetWindowUrl=rmGetPubRedirect=rmGetClickUrl=rmReplace=rmTrim=rmUrlEncode=rmCanShowPop=rmCookieExists=rmWritePopFrequencyCookie=rmWritePopExpirationCookie=flashIntalledCookieExists=writeFlashInstalledCookie=flashDetection=rmGetCookie=function(){}",
"autoReload":true,
"surrogate.revsci.sources":"js.revsci.net",
"autoAllow":0,
"notify.hide":false,
"injectionCheckHTML":true,
"surrogate.360Haven.replacement":"Object.defineProperty(window,'adblock',{get:function() false,set: function() false});Object.defineProperty(window,'google_ad_client',{get: function () { return {__noSuchMethod__: function() this}}});Object.defineProperty(window.HTMLBodyElement.prototype,'innerHTML',{get:function() ''});",
"surrogate.modpagespeed.replacement":"let s=document.querySelector('noscript>meta[http-equiv=refresh]+style');if(s)s.parentNode.removeChild(s)",
"surrogate.interstitialBox.sources":"@*.imagevenue.com",
"surrogate.popunder.sources":"@^http:\\/\\/[\\w\\-\\.]+\\.[a-z]+ wyciwyg:",
"surrogate.facebook_connect.replacement":"FB=(function(){var f=arguments.callee;return f.__noSuchMethod__=f.Event=f;})();",
"secureCookies.perTab":false,
"filterXExceptions.ebay":true,
"surrogate.plusone.sources":"apis.google.com/js/plusone.js",
"forbidFlash":true,
"filterXExceptions":"^https?://([a-z]+)\\.google\\.(?:[a-z]{1,3}\\.)?[a-z]+/(?:search|custom|\\1)\\?\n^https?://([a-z]*)\\.?search\\.yahoo\\.com/search(?:\\?|/\\1\\b)\n^https?://[a-z]+\\.wikipedia\\.org/wiki/[^\"<>\\?%]+$\n^https?://translate\\.google\\.com/translate_t[^\"'<>\\?%]+$\n^https://secure\\.wikimedia\\.org/wikipedia/[a-z]+/wiki/[^\"<>\\?%]+$",
"forbidFrames":false,
"forbidIFramesContext":3,
"utf7filter":true,
"forbidMetaRefresh.exceptions":"^https?://(?:www|encrypted)\\.google\\.(?:[a-z]{2,3}|[a-z]2\\.[a-z]{2,3})/ t.co",
"surrogate.ga.replacement":"(function(){var _0=function(){return _0;};_0.__noSuchMethod__=_0;with(window)urchinTracker=_0,_gaq={__noSuchMethod__:_0,push:function(f){if(typeof f=='function')f();else if(f&&f.shift&&f[0]in this)this[f.shift()].apply(this,f)},_link:function(h){if(h)location.href=h},_linkByPost:function(f){if(f&&f.submit)f.submit();return true},_getLinkerUrl:function(u){return u},_trackEvent:_0},_gat={__noSuchMethod__:function(){return _gaq}}})()",
"firstRunRedirection":true,
"whitelistRegExp":"",
"allowPageLevel":0,
"surrogate.ab_binlayer.sources":"^http://view\\.binlay(?:er)\\.",
"injectionCheckPost":true,
"ABE.migration":1,
"autoReload.allTabsOnGlobal":false,
"surrogate.glinks.replacement":"for each(let et in ['focus','mouseover','mousedown','click'])addEventListener(et,function(e){var a=e.target,href=a.href&&a.getAttribute&&a.getAttribute('href');if(href&&/^(?:http|\\/url)/.test(href)&&!a._href){a._href=a.href=a.href.replace(/.*\\/url.*[?&](?:url|q)=(http[^&]+).*/,function(a,b)decodeURIComponent(b));do{if(/\\brwt\\(/.test(a.getAttribute('onmousedown')))a.removeAttribute('onmousedown')}while((a=a.parentElement))}},true)",
"surrogate.imdb.replacement":"addEventListener('DOMContentLoaded',function(ev){ad_utils.render_ad=function(w){w.location=w.location.href.replace(/.*\\bTRAILER=([^&]+).*/,'$1')}},true)",
"autoReload.onMultiContent":false,
"surrogate.ab_mirago.replacement":"HLSysBannerUrl=''",
"ABE.rulesets.USER":"# User-defined rules. Feel free to experiment here.\r\n",
"forbidWebGL":false,
"surrogate.googleThumbs.replacement":"(function(){var ss=document.getElementsByTagName('script');var s,t,m,id,i;for(var j=ss.length;j-->0;)if(((s=ss[j])&&(t=s.firstChild&&s.firstChild.nodeValue)&&(id=t.match(/\\w+thumb\\d+/))&&(m=t.match(/['\"](data:[^'\"]+)/)))&&(i=document.getElementById(id)))i.src=m[1].replace(/\\\\(u[0-9a-f]4|x[0-9a-f]2)/ig,function(a,b){return String.fromCharCode(parseInt(b.substring(1), 16))})})()",
"surrogate.ab_bidvertiser.sources":"^http://bdv\\.bidvert",
"filterXExceptions.verizon":true,
"confirmUnblock":true,
"safeJSRx":"(?:window\\.)?close\\s*\\(\\)",
"forbidMixedFrames":true,
"jsHack":"",
"xss.checkInclusions":true,
"silverlightPatch":true,
"surrogate.adfly.replacement":"setInterval(function(){if(window.flash_loaded){paid=true;sendInt();if(countdown>0){countdown=0;setTimeout(function(){document.getElementById('skip_button').click()},1500)}}},500)",
"consoleLog":false,
"tempGlobal":false,
"surrogate.addthis.replacement":"addthis=(function(){var f=arguments.callee;return f.__noSuchMethod__=f.data=f.bar=f.dynamic=f.login=f.ad=f.util=f.user=f.session=f})();",
"surrogate.ga.sources":"*.google-analytics.com",
"filterXExceptions.letitbit":true,
"notify.hideDelay":5,
"statusIcon":true,
"surrogate.ab_adsense.sources":"pagead2.googlesyndication.com",
"sound.oncePerSite":true,
"surrogate.imagebunk.sources":"!http://imagebunk.com/image/*",
"surrogate.ab_mirando.replacement":"Mirando={}",
"siteInfoProvider":"http://noscript.net/about/%utf8%;%ace%",
"forbidMetaRefresh.notify":true,
"surrogate.nscookie.replacement":"document.cookie='noscript=; domain=.facebook.com; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT;'",
"filterXExceptions.medicare":true,
"surrogate.picsee.replacement":"location.replace(location.href.replace(/(\\/2\\d3[^\\/]*)(.*)\\.html/, '/upload$1/$2'));",
"surrogate.picsee.sources":"!^https?://picsee\\.net/2\\d.*\\.html",
"ABE.disabledRulesetNames":"",
"surrogate.googleThumbs.sources":"!^https?://www\\.google\\.[a-z]+/search",
"gtemp":"",
"surrogate.disqus-theme.sources":">.disqus.com/*/build/themes/t_c4ca4238a0b923820dcc509a6f75849b.js*",
"stickyUI":true,
"surrogate.disqus-theme.replacement":"DISQUS.dtpl.actions.register('comments.reply.new.onLoadingStart', function() { DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingStart'); DISQUS.dtpl.actions.remove('comments.reply.new.onLoadingEnd');});",
"jsHackRegExp":"",
"ABE.rulesets.SYSTEM":"# Prevent Internet sites from requesting LAN resources.\r\nSite LOCAL\r\nAccept from LOCAL\r\nDeny",
"clearClick.exceptions":".mail.yahoo.com https://mail.google.com/ *.ebay.com *.photobucket.com .youtube.com",
"ctxMenu":true,
"surrogate.imagehaven.sources":"!@*.imagehaven.net",
"filterXExceptions.blogspot":true,
"requireReloadRegExp":"application/x-vnd\\.moveplayer\\b.*",
"surrogate.debug":false,
"recentlyBlockedLevel":0,
"surrogate.ab_adscale.replacement":"adscale={}",
"autoReload.allTabs":false,
"surrogate.yieldman.sources":"*.yieldmanager.com",
"nselForce":true,
"autoReload.useHistory":false,
"nselNoMeta":true,
"forbidImpliesUntrust":false,
"toolbarToggle":3,
"notify":true,
"ABE.localExtras":"",
"hoverUI.delayStop":50,
"ABE.legacyPrompt":false,
"excaps":true,
"inclusionTypeChecking.checkDynamic":false,
"ABE.allowRulesetRedir":false,
"surrogate.imagebunk.replacement":"document.body.insertBefore(document.getElementById('img_obj'), document.body.firstChild)",
"xss.trustExternal":true,
"surrogate.digg.sources":"!@digg.com/newsbar/*",
"surrogate.ab_mirago.sources":"^http://intext\\.mirago\\.",
"truncateTitle":true,
"forbidPlugins":true,
"keys.tempAllowPage":"",
"nosniff":true,
"hideOnUnloadRegExp":"video/.*",
"surrogate.amo.sources":"!https://addons.mozilla.org/",
"options.tabSelectedIndexes":"2,0,0",
"showRevokeTemp":true,
"surrogate.sandbox":true,
"showTemp":true,
"https.showInConsole":true,
"showExternalFilters":true,
"asyncNetworking":true,
"doNotTrack.exceptions":"",
"badInstall":false,
"filterXGet":true,
"filterXException.photobucket":true,
"surrogate.qs.sources":"edge.quantserve.com",
"showUntrusted":true,
"forbidFonts":true,
"stickyUI.liveReload":false,
"ajaxFallback.enabled":true,
"filterXExceptions.zendesk":true,
"compat.gnotes":true,
"surrogate.ab_mirando.sources":"^http://get\\.mirando\\.",
"surrogate.ab_binlayer.replacement":"blLayer={}",
"toStaticHTML":true,
"clearClick.threshold":18,
"injectionCheck":2,
"ABE.wanIpAsLocal":true,
"xss.checkCharset.exceptions":"",
"clearClick.subexceptions":"^http://bit(?:ly\\.com|\\.ly)/a/sidebar\\?u= http://*.uservoice.com/*/popin.html?* http://w.sharethis.com/share3x/lightbox.html?* http://disqus.com/embed/* *.disqus.com/*/reply.html* http://www.feedly.com/mini abine:*",
"forbidMetaRefresh":true,
"showAllowPage":true,
"surrogate.amo.replacement":"addEventListener('click',function(e){if(e.button)return;var a=e.target.parentNode;var hash=a.getAttribute('data-hash');if(hash){var b=a.parentNode.parentNode;InstallTrigger.install({x:{URL:a.href,IconURL:b.getAttribute('data-icon'),Hash:hash,toString:function(){return a.href}}});e.preventDefault()}},false)",
"ABE.siteEnabled":false,
"autoReload.global":true,
"surrogate.skimlinks.sources":".skimlinks.com/api/",
"surrogate.imagebam.replacement":"(function(){if(\"over18\" in window){var _do=doOpen;doOpen=function(){};over18();doOpen=_do}else{var e=document.getElementById(Array.slice(document.getElementsByTagName(\"script\")).filter(function(s){return !!s.innerHTML})[0].innerHTML.match(/over18[\\s\\S]*?'([^']+)/)[1]);e.style.display='none'}})()"},
"whitelist":"addons.mozilla.org afx.ms ajax.aspnetcdn.com cdnjs.cloudflare.com code.jquery.com firstdata.com firstdata.lv flashgot.net gfx.ms google.com googleapis.com gstatic.com hotmail.com informaction.com live.com live.net maone.net mootools.net mozilla.net msn.com noscript.net outlook.com passport.com passport.net passportimages.com paypal.com paypalobjects.com persona.org prototypejs.org securecode.com securesuite.net sfx.ms tinymce.cachefly.net vjs.zendcdn.net wlxrs.com yahoo.com yahooapis.com yandex.st yimg.com youtube.com ytimg.com about: about:addons about:blank about:blocked about:certerror about:config about:crashes about:home about:memory about:neterror about:plugins about:privatebrowsing about:sessionrestore about:srcdoc about:support blob: chrome: http://afx.ms http://firstdata.com http://firstdata.lv http://flashgot.net http://gfx.ms http://google.com http://googleapis.com http://gstatic.com http://hotmail.com http://informaction.com http://live.com http://live.net http://maone.net http://mootools.net http://mozilla.net http://msn.com http://noscript.net http://outlook.com http://passport.com http://passport.net http://passportimages.com http://paypal.com http://paypalobjects.com http://persona.org http://prototypejs.org http://securecode.com http://securesuite.net http://sfx.ms http://wlxrs.com http://yahoo.com http://yahooapis.com http://yandex.st http://yimg.com http://youtube.com http://ytimg.com https://afx.ms https://firstdata.com https://firstdata.lv https://flashgot.net https://gfx.ms https://google.com https://googleapis.com https://gstatic.com https://hotmail.com https://informaction.com https://live.com https://live.net https://maone.net https://mootools.net https://mozilla.net https://msn.com https://noscript.net https://outlook.com https://passport.com https://passport.net https://passportimages.com https://paypal.com https://paypalobjects.com https://persona.org https://prototypejs.org https://securecode.com https://securesuite.net 
https://sfx.ms https://wlxrs.com https://yahoo.com https://yahooapis.com https://yandex.st https://yimg.com https://youtube.com https://ytimg.com moz-safe-about: resource:",
"V":"2.6.8.19rc2"
}

Other than SeaMonkey built-in Extensions (cZ, DOM, JS Debugger, Debug & QA), the only other extension is FlashGot. Plugin is Flash.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a2
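
Added example (not part of the original thread, and not NoScript's own code): a small triage script that reads an Options|Export file like the one posted above and reports whether the saved settings could account for a timed redirect on a given URL. The function names and the simplified whitelist and exception matching rules are assumptions made for this illustration, and only the permanent whitelist is read.

```javascript
"use strict";

// Constructed sample: trimmed to the keys this check reads. Key names and
// values are copied from the export posted above; the whitelist is shortened.
const SAMPLE_EXPORT = JSON.stringify({
  prefs: {
    "global": false,
    "forbidMetaRefresh": true,
    "forbidMetaRefresh.exceptions":
      "^https?://(?:www|encrypted)\\.google\\.(?:[a-z]{2,3}|[a-z]2\\.[a-z]{2,3})/ t.co",
    "autoReload.allTabs": false
  },
  whitelist: "google.com paypal.com https://noscript.net about:blank chrome:",
  V: "2.6.8.19rc2"
});

// Both lists in the export are whitespace-separated.
function splitList(text) {
  return String(text || "").split(/\s+/).filter(Boolean);
}

// True when a bare-domain entry names the host itself or a parent domain.
function hostCovers(entry, hostname) {
  return hostname === entry || hostname.endsWith("." + entry);
}

// Assumed rule (simplified): a scheme://host entry covers only that exact
// origin; a bare domain covers the domain and its subdomains on any scheme.
// Entries such as "about:blank" or "chrome:" never match a web URL here.
function matchWhitelist(whitelist, url) {
  const u = new URL(url);
  const origin = u.protocol + "//" + u.host;
  for (const entry of splitList(whitelist)) {
    if (entry.includes("://")) {
      if (entry.replace(/\/+$/, "") === origin) return entry;
    } else if (!entry.includes(":") && hostCovers(entry, u.hostname)) {
      return entry;
    }
  }
  return null;
}

// Assumed rule (simplified): items starting with "^" are regular expressions
// tested against the full URL; anything else is treated as a domain.
function matchRefreshException(exceptions, url) {
  const u = new URL(url);
  for (const item of splitList(exceptions)) {
    if (item.startsWith("^")) {
      try {
        if (new RegExp(item).test(url)) return item;
      } catch (e) {
        continue; // malformed pattern in the export: skip it
      }
    } else if (hostCovers(item, u.hostname)) {
      return item;
    }
  }
  return null;
}

// Summarise what the saved settings say about scripts and META refresh for
// one URL. settingsExplainRedirect === false means the configuration offers
// no reason for a timed redirect, so the behaviour needs another explanation
// (for example a version regression).
function auditExport(exportText, url) {
  const data = JSON.parse(exportText);
  const prefs = data.prefs || {};
  const whitelistEntry = matchWhitelist(data.whitelist, url);
  const refreshException =
    matchRefreshException(prefs["forbidMetaRefresh.exceptions"], url);
  const scriptsAllowed = prefs["global"] === true || whitelistEntry !== null;
  const metaRefreshBlocked =
    prefs["forbidMetaRefresh"] === true && refreshException === null;
  return {
    version: data.V || null,
    scriptsAllowed,
    whitelistEntry,
    metaRefreshBlocked,
    refreshException,
    autoReloadAllTabs: prefs["autoReload.allTabs"] === true,
    settingsExplainRedirect: scriptsAllowed || !metaRefreshBlocked
  };
}

console.log(auditExport(
  SAMPLE_EXPORT,
  "https://secure.bankofamerica.com/myaccounts/sec-redirect/signoff.go"
));
```

For the sign-off URL from the first post, the sample yields `scriptsAllowed: false` and `metaRefreshBlocked: true`, so the settings alone do not account for the redirect.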

Post by Giorgio Maone »

OK, that's really weird, especially the latest screenshot with the popup alert.
It shouldn't happen at all with your current setup.
Does it fire on http://evil.hackademix.net/alert.html without allowing hackademix.net?

(it doesn't for me on SM 2.25)
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0

Post by therube »

> Does it fire on http://evil.hackademix.net/alert.html without allowing hackademix.net?

No.

And again, definite behavior difference between NoScript versions.

More of the (a) page:

Code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<!--! version 20140204b-133 / MATCH  -->
<!--! request id 2014-03-26-10:07:48:229 (16) -->
<!--! page id PAYMENT_HISTORY -->
<html lang="en-US">
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<meta name="Description" content="This Bank of America Online Banking page for Bill Pay lists payments you have made." />
<meta name="li" content="en_US" />
<title>Bank of America | Online Banking | Bill Pay | Payments | Payments Overview</title>
<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_master_cp.css">

<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_master_cp.css">

<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_win_ns_6_cp.css">
<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_win_ns_6_cp.css">

<link rel="stylesheet" type="text/css" media="print" href="/sbp/0204b//print_cp.css">


<script language="JavaScript" type="text/javascript" src="/sbp/0204b/jquery/jquery-1.8.3.min.js"></script>
<script language="JavaScript" type="text/javascript" src="/sbp/0204b/cf_cp.js"></script>
<script language="JavaScript" type="text/javascript" src="/sbp/0204b/http_cp.js"></script>

<script type="text/javascript">
var ngshWinWidth       = 780;
var ngshWinHeight      = 580;
var ebillDemoWinWidth  = 775;
var ebillDemoWinHeight = 570;
var helpWinWidth       = 350;
var helpWinHeight      = 450;
var largeHelpWinWidth  = 450;
var largeHelpWinHeight = 500;
function loadHandler() {


}
</script>
<script type="text/javascript">
var SessionTimeout = {
TIMEOUT_WARNING_MESSAGE_1  : "For your safety and protection your Online Banking session is about to be timed out if there is no additional activity.",
TIMEOUT_WARNING_MESSAGE_2  : "If you are still working in your Online Banking session simply click OK to continue.",
TITLE_SIGNOFF              : "Bank of America | Online Banking | Automatic Sign Off Alert",
SECURITY_MESSAGE           : "Security Message",
REDIRECT_NOW               : "Redirect now...",
TIMEOUT_MESSAGE            : "For your safety and protection your Online Banking session has been timed out due to inactivity.\n\nThis timeout provides reassurance for your Online Banking safety.\n\nYou must sign in again to resume using your Online Banking.",
imgPath                    : "/sbp/0204b/images/",
timeoutWarningMilliseconds : 18 * 60000,
timeoutSignoutMilliseconds : 2 * 60000,
timerIdWarning             : null,
timerIdSignout             : null,
signoutUrl                 : "wps?rq=so&timeoutso=y&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",
resetUrl                   : "wps?rq=timeout&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",
IFrameTimeObj              : null,
popupBlocked               : false,
timeoutWarningDiv          : null,
//timeoutWarningIFrame       : null,
popupStylePosition         : ""
};
SessionTimeout.init = function() {
if (SessionTimeout.timeoutWarningMilliseconds > 0) {
SessionTimeout.set();
}
};
SessionTimeout.set = function() {
SessionTimeout.timerIdWarning = setTimeout(SessionTimeout.displayWarning, SessionTimeout.timeoutWarningMilliseconds);
SessionTimeout.timerIdSignout = setTimeout(SessionTimeout.signOut, SessionTimeout.timeoutWarningMilliseconds + SessionTimeout.timeoutSignoutMilliseconds);
};
SessionTimeout.reset = function() {
if (SessionTimeout.timerIdWarning) { clearTimeout(SessionTimeout.timerIdWarning); }
if (SessionTimeout.timerIdSignout) { clearTimeout(SessionTimeout.timerIdSignout); }
SessionTimeout.set();
};
SessionTimeout.signOut = function() {
SessionTimeout.timerIdSignout = null;
if (SessionTimeout.popupBlocked && SessionTimeout.timeoutWarningDiv) {
SessionTimeout.closePopup();
}
alert(SessionTimeout.TIMEOUT_MESSAGE);
self.status = SessionTimeout.REDIRECT_NOW;
self.location = SessionTimeout.signoutUrl;
};
SessionTimeout.displayWarning = function() {
SessionTimeout.timerIdWarning = null;
if ((window.navigator.browser.make == window.navigator.browser.BROWSER_CHROME) || // cannot detect pop-up is blocked or not for Chrome. We will assume it is blocked and show the layer.
(window.navigator.browser.make == window.navigator.browser.BROWSER_SAFARI)) // Safari does not have title for pop-ups. So we will have layer for Safari as well.
{
SessionTimeout.popupBlocked = true;
SessionTimeout.firePopup();
return;
}
var blankWindowTemplate = "/sbp/0204b/blank.html";
var timeout_option="toolbar=0"+",location=0"+",directories=0"
+",status=0"+",menubar=0"+",scrollbars=0"
+",resizable=0"+",width=310"+",height=290";
var timeout_win = window.open(blankWindowTemplate,"NewWindow",timeout_option,true);
if (timeout_win == null || typeof(timeout_win)=="undefined") {
SessionTimeout.popupBlocked = true;
SessionTimeout.firePopup();
}
else {
timeout_win.document.write('<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">\n');
timeout_win.document.write('<HTML><HEAD><TITLE>'+SessionTimeout.TITLE_SIGNOFF+'<\/TITLE>\n'); //"Bank of America | Online Banking | Automatic Sign Off Alert";
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_master_cp.css">\n');
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_master_cp.css">\n');
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//bofa_win_ns_6_cp.css">\n');
timeout_win.document.write('<link rel="stylesheet" type="text/css" href="/sbp/0204b//cf_win_ns_6_cp.css">\n');
timeout_win.document.write('<script language="JavaScript" type="text/javascript">\n');
timeout_win.document.write('function submitForm() { window.opener.SessionTimeout.reset(); document.frmTimeout.submit(); window.close();}\n');
timeout_win.document.write('function hover(ref, classRef) { eval(ref).className = classRef; }\n');
timeout_win.document.write('<\/script>\n');
timeout_win.document.write('<\/head>\n');
timeout_win.document.write('<body link="#0000cc" vlink="#ff0000"  alink="#cecece" onload=\'window.setTimeout("this.close()",'+(SessionTimeout.timeoutSignoutMilliseconds-2000).toString()+');\'>\n');
timeout_win.document.write('<div style="margin: 0px; padding: 0px; border: 0px; width: 310px; height: 55px;">\n');
timeout_win.document.write('<img alt="Bank of America" src="/sbp/i0204b/flagscape_banner.gif" border=0 width=310 height=55>\n');
timeout_win.document.write('<h1 class=ada>'+SessionTimeout.SECURITY_MESSAGE+'</h1>\n');
timeout_win.document.write('<div style="margin: 25px 10px 10px 10px; padding: 0px; border: 0px; width: 290px; height: 150px;">\n');
timeout_win.document.write('<p class="text2">\n');
timeout_win.document.write(SessionTimeout.TIMEOUT_WARNING_MESSAGE_1);
timeout_win.document.write('<br><br>\n');
timeout_win.document.write(SessionTimeout.TIMEOUT_WARNING_MESSAGE_2);
timeout_win.document.write('<\/p>\n');
timeout_win.document.write('<\/div>\n');
timeout_win.document.write('<div style="margin: 0px 10px 10px 10px; padding: 0px; border: 0px; width: 290px; height: 20px;">\n');
timeout_win.document.write('<FORM METHOD=POST name=frmTimeout ACTION="'+SessionTimeout.resetUrl+'">\n');
timeout_win.document.write('<table cellpadding="0" cellspacing="0" align="center" border="0">\n');
timeout_win.document.write('<tr><td>\n');
var t = create_button_str("OK", "javascript:submitForm();", "btn1", null, null, null, null, "", null);
timeout_win.document.write(t+'\n');
timeout_win.document.write('\n<\/td></tr>\n');
timeout_win.document.write('<\/table>\n');
timeout_win.document.write('<\/form>\n');
timeout_win.document.write('<\/div>\n');
timeout_win.document.write('<\/div>\n');
timeout_win.document.write('<\/body>\n');
timeout_win.document.write('<\/html>\n');
timeout_win.document.close();
}
};
SessionTimeout.firePopup = function() {
if (!SessionTimeout.timeoutWarningDiv) {
// The popup layer is only created once.
SessionTimeout.createPopup();
SessionTimeout.timeoutWarningDiv = document.getElementById('timeout_warning_div');
//SessionTimeout.timeoutWarningIFrame = document.getElementById('timeout_warning_iframe');
// What is the position style of the popup? How to find out depends on the browser. The outcome "fixed" or "absolute" also depends on the browser (see style sheets).
if (SessionTimeout.timeoutWarningDiv.currentStyle) {
// IE
SessionTimeout.popupStylePosition = SessionTimeout.timeoutWarningDiv.currentStyle.position;
}
else if (window.getComputedStyle) {
// W3C
SessionTimeout.popupStylePosition = window.getComputedStyle(SessionTimeout.timeoutWarningDiv, null).position;
}
}
SessionTimeout.positionPopup();
setSelectBoxVisibility(false);
SessionTimeout.timeoutWarningDiv.style.display = "";
if (SessionTimeout.popupStylePosition == "absolute") {
// Register scroll handlers for absolutely positioned popup. Needs to be repositioned to the center of the viewport if user scrolls.
if (document.addEventListener) {
document.addEventListener("scroll", SessionTimeout.positionPopup, false);
}
else if (window.attachEvent) {
window.attachEvent("onscroll", SessionTimeout.positionPopup);
}
}
};
SessionTimeout.createPopup = function() {
makeDom(document.body, ['div.session_timeout', {id:"timeout_warning_div"},
['img', {src:SessionTimeout.imgPath+"flagscape_banner.gif", alt:"Bank of America", border:"0", width:"310", height:"55"}],
['div',
['table', {width:"100%", cellSpacing:"0", cellPadding:"0", border:"0", summary:""},
['tbody',
['tr',
['td', {width:"100%"},
['div', {style:"width: 1px; height: 19px; font-size: 0px;"}]
]
],
['tr',
['td', {vAlign:"top", style:"padding: 0px 7px 0px 8px; height: 157px;"},
['p.text2',
SessionTimeout.TIMEOUT_WARNING_MESSAGE_1,
['br'],
['br'],
SessionTimeout.TIMEOUT_WARNING_MESSAGE_2
]
]
],
['tr',
['td', {vAlign:"top", align:"center"},
['table', {cellSpacing:"0", cellPadding:"0", border:"0", summary:""},
['tbody',
['tr',
['td',
['div.btn1',
['a.btn1', {href:"javascript:SessionTimeout.resetPopup();"}, "OK"]
]
]
]
]
]
]
],
['tr',
['td', {width:"100%"},
['div', {style:"width: 1px; height: 27px; font-size: 0px;"}]
]
]
]
]
]
]
);
};
SessionTimeout.closePopup = function() {
SessionTimeout.timeoutWarningDiv.style.display = "none";
setSelectBoxVisibility(true);
//SessionTimeout.timeoutWarningIFrame.style.display = "none";
SessionTimeout.popupBlocked = false;
};
SessionTimeout.positionPopup = function() {
if (SessionTimeout.popupStylePosition == "absolute") {
// Absolute positioned popup layer (IE).
// Absolute positioned elements are positioned with respect to the containing block, which in this case is the document.
SessionTimeout.timeoutWarningDiv.style.top = document.body.scrollTop + (document.body.clientHeight-280)/2+"px";
SessionTimeout.timeoutWarningDiv.style.left = document.body.scrollLeft + (document.body.clientWidth-312)/2+"px";
}
else {
// Fixed positioned popup layer (W3C).
// Fixed positioned elements are positioned with respect to the viewport.
SessionTimeout.timeoutWarningDiv.style.top = (document.body.clientHeight-280)/2+"px";
SessionTimeout.timeoutWarningDiv.style.left = (document.body.clientWidth-312)/2+"px";
}
//SessionTimeout.timeoutWarningIFrame.style.width = SessionTimeout.timeoutWarningDiv.offsetWidth;
//SessionTimeout.timeoutWarningIFrame.style.height = SessionTimeout.timeoutWarningDiv.offsetHeight;
//SessionTimeout.timeoutWarningIFrame.style.left = SessionTimeout.timeoutWarningDiv.offsetLeft;
//SessionTimeout.timeoutWarningIFrame.style.top = SessionTimeout.timeoutWarningDiv.offsetTop;
};
SessionTimeout.resetPopup = function() {
SessionTimeout.reset();
SessionTimeout.closePopup();
HTTP.getText(SessionTimeout.resetUrl, SessionTimeout.callback);
};
SessionTimeout.callback = function() {
return false;
};
// Initialize the timeout after the page has loaded.
if (window.addEventListener) {
window.addEventListener("load", SessionTimeout.init, false);
}
else if (window.attachEvent) {
window.attachEvent("onload", SessionTimeout.init);
}
</script><script type="text/javascript">
var fsdNavClientOptions = {
"clientName": "fiserv",
"clientBorneo": false,
"locale": "en-US",
"clientActiveTab": "billpay",
"searchSourceSite": "olb",
"searchSourceDir": "/login",
"searchSourceTitle": "Bank of America | Online Banking",
"entryURL": "wps?&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e",
"helpURL": "wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=payments_overview_help.htmlt",
"helpWindowName": "largeHelpWin",
"pipadDomainUrl":"https://secure.bankofamerica.com","PSDUrl":"https://safe.bankofamerica.com","headerDM":"247","fsdSSK":"ZHh1b0x6M0FrMnk=","sourceApplication":"billpay","multipleBillPayOption":"false"
};
</script>
<script language="JavaScript" type="text/javascript" src="https://secure.bankofamerica.com/pa/components/utilities/top-nav-util/1.1/script/topnav.js"></script>
<style>
#olb-globals-header-container .olb-header-module-fsdnav-skin .fsdnav-header ul.fsdnav-header-links .fsdnav-profile-settings a.fsd-locale-set,
#olb-globals-footer-container .olb-footer-module-fsdnav-skin .fsd-footer-links .fsd-locale-li,
#olb-globals-footer-container .olb-footer-module-fsdnav-skin .fsd-footer-links a.fsd-locale-set {
display:none !important;
}
</style>

</head>
<body onload="loadHandler();">

<div class="ada" ><a href="wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=help_screen_readers.htmlt" target="largeHelpWin" onfocus="window.status='Tips For Screen Readers'" onblur="window.status=''" onClick="this.href='javascript:popRemoteLarge(\'wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=help_screen_readers.htmlt\')';this.target=''">Tips For Screen Readers</a><br /><a href="#skipnav" onfocus="window.status='Skip navigational links'" onblur="window.status=''">Skip navigational links</a><img src="https://secure.bankofamerica.com/myaccounts/sec-redirect/ssopingback.go?source=billpay&pingbackToken=wbp&pts=20140326140748243" width="1" height="1" alt="" border="0" class="noprint"></div><table style="margin-left:12px" class="printonly" summary="" width="575" border="0" cellspacing="0" cellpadding="0"><tr><td valign="top"><img src="/sbp/i0204b/olb_masthead_nonav_575x83.gif" hspace="0" vspace="0" border="0" alt="Online Banking"></td></tr><tr><td><img src="/sbp/i0204b/clr.gif" width="575" height="20" hspace="0" vspace="0" border="0" alt=""></td></tr></table><div id="olb-globals-header-container" style="height:111px;" class="noprint"></div>
<table id="table_main" width="972"  border="0" cellspacing="0" cellpadding="0" summary="">
<tr>
<td>
<div class="spacer" style="height: 8px;"></div>
<div class="pagelabel" style="width:960px" >

<table width="960"  border="0" cellspacing="0" cellpadding="0" summary="">
<tr>
<td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0" summary="">
<tr valign="top">


<td style="padding-top:9px;"><a name="skipnav"></a><h1 class="title1 noprint">Payments Overview </h1><h1 class="title1print printonly">Payment Activity</h1></td>

</tr>
</table></td>
<td align="right" valign="top" style="padding-top:0px" nowrap>
<div style="vertical-align:top" class="text1"><span class="nav3-on">
Payments Overview
</span>
  <span class=blue-dot-nav3>•</span>  
<a href="wps?rq=apov&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e" title="" class="nav3-off">
Automatic Payments<span class="ada"> Overview page</span></a>
  <span class=blue-dot-nav3>•</span>  

<a href="wps?rq=selp&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e" class="nav3-off" title="">Make a Single Payment</a><img class="noprint" border="0" height=1 alt="" width="10" src="/sbp/i0204b/clr.gif"></div>
</td>
</tr>
</table>
<div class="spacer noprint" style="height: 8px"></div>
<div class="rulegrey3" style="width:960px"><img src="/sbp/i0204b/pixel.gif" border="0" alt="" width="1" height="1"></div>
<div class="spacer noprint" style="height: 13px"></div>
<noscript>
<table width="100%" style="border: 1px solid #D4001A;" border="0" cellspacing="0" cellpadding="0" summary="">
<tr>
<td valign="top" style="padding: 10px"><a name="error"><img src="/sbp/i0204b/icon_alert_info_27x27.gif" alt="Enable JavaScript to refresh this page"></a></td>
<td width="95%" valign="top" style="padding: 10px 120px 10px 0"><p class="text1">Your JavaScript is currently disabled. To continue, please adjust your browser settings to activate JavaScript and <a href="javascript:location.reload(true);" class="linkblue" title="Enable JavaScript to refresh this page">refresh</a> this page.</p></td>
</tr>
</table>
</noscript>
<div id="div_main" style="display: none;"><script type="text/javascript">document.getElementById("div_main").style.display = "";</script>


<table width="960" cellspacing="0" cellpadding="0" border="0">
<tr>
<td width="735" valign="top">
<table width="735" border="0" cellspacing="0" cellpadding="0" summary="">
<tr><td></td></tr>
<tr><td><span class="ada"><a name="top"></a><a class="ada" href="#search" title="Search for Payments">Search for Payments</a> <a class="ada" href="#activity" title="Payment Activity">Payment Activity</a></span></td></tr>
<tr><td></td></tr>
</table>
<form class="noprint" id="pmtSearch" name="pmtSearch" method="get" action="wps" style="margin:0px">
<input type="hidden" name="sp" value="8109">
<input type="hidden" name="oss" value="504cadaef3fc8866573e2934ee906d9e">
<input type="hidden" name="seasurf" value="00f532d5108cb41a322306e81774fea07b8286c910066d28fd9b6a6ad5a998fa">

<input type="hidden" name="rq" value="phq">
<input type="hidden" name="pgnum" value="">
<input type="hidden" name="pgtok" value="">
<input type="hidden" name="sort" value="">

<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>
<td width="100%">
<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>

<td class="module1title5" valign="middle" nowrap><h2>Search for Payments</h2></td>


<td class=module1title5 valign="middle" nowrap ><a title="Search for Payments help" href="wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=payments_overview_search_module.htmlt" target="largeHelpWin" onclick="this.href='javascript:popRemoteLarge(\'wps?rq=gf&sp=8109&oss=504cadaef3fc8866573e2934ee906d9e&file=payments_overview_search_module.htmlt\')';this.target=''"><img src="/sbp/i0204b/icon_help_12x12.png" alt="Search for Payments help" width="12" height="12" border="0" style="margin-left: 10px;"></a></td>
<td class="module1title5" valign="middle" align="right" width="90%" style="padding-right: 10px;"><span class="text2"><a id="showLink0" style="display: none" title="" href="javascript:showOpen0()" class="linkblue">Show the Search for Payments section</a><a id="hideLink0" style="display: none" title="" href="javascript:showClosed0()" class="linkblue">Hide the Search for Payments section</a></span></td>
</tr>
</table>
</td>
</tr>
<tr><td class=mod2-brdr2-hs><img src="/sbp/i0204b/clr.gif" width="1" height="1" alt="" border="0"></td></tr>
<tr><td class=mod2-brdr-hs><img src="/sbp/i0204b/clr.gif" width="1" height="1" alt="" border="0"></td></tr>
<tr>
<td>
<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr>
<td width="1" class="mod2-brdr-hs"><img src="/sbp/i0204b/clr.gif" width="1" height="1" border="0" alt=""></td>
<td>
<table width="100%" cellspacing="0" cellpadding="0" border="0" summary="">
<tr valign="top">

<td style="padding:15px 8px 20px;">

<a name="search"></a>
<div id="div_search_collapsed" style="display:none">
<span class="text1">To search for payments, click
<a title="" href="javascript:showOpen0()" class="linkblue">Show the Search for Payments section</a>.
</span>
</div>
<div id="div_search_expanded" style="display:none">
<table cellspacing="0" cellpadding="0" summary="">
<tr>
<td rowspan="9"><div style="width: 30px;" /></td>
<td valign="top" align="right"><span style="font-weight: bold" class="text2">Date:</span><span class="ada"> Use the date options to filter your payments by all dates or a date range</span></td>
<td><div style="width: 10px;" /></td>
<td>
<table cellspacing="0" cellpadding="0" summary="">
<tr>
<td></td>
<td valign="top" align="right"><input type="radio" id="all" name="dateRange" value="all"  style="margin: 0px; width: 18px; height: 14px;"></td>
<td colspan="5" valign="top"><label for="all"><span style="font-weight:bold;" class="text2">All dates</span><span class="ada"> Select this option to filter by all dates</span></label></td>
</tr>
<tr>
<td valign="top" style="padding-top: 3px;"></td>
<td valign="top" style="padding-top: 5px;"><input type="radio" id="range" name="dateRange" value="range" checked style="margin: 0px; width: 18px; height: 14px;"></td>
<td valign="top" style="padding: 5px 3px 0 0;"><label for="range"><span class="ada">Range of </span><span class="text2" style="font-weight: bold; ">Transactions from</span></label></td>
<td valign="top"><label for="fromDate"><span class="ada"> start date of </span></label><input type="text" size="6" value="02/27/2014" maxLength="10" id="fromDate" name="fromDate" class="date" onkeypress="document.pmtSearch.dateRange[1].checked=true"></td>
<td valign="top" style="padding: 5px 3px 0 3px;"><span style="font-weight: bold; " class="text2">to</span></td>
<td valign="top"><label for="toDate"><span class="ada"> end date of </span></label><input type="text" size="6" value="03/26/2015" maxLength="10" name="toDate" id="toDate" class="date" onkeypress="document.pmtSearch.dateRange[1].checked=true"></td>
<td valign="top" style="padding: 5px 0 0 3px;"><span class="text1a" style="">mm/dd/<span class="lowercase" title="4 digit year">YYYY</span></span></td>
</tr>
</table>
</td>
</tr>
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 SeaMonkey/2.25
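Added example, not part of the original post and not the bank's code: the question in the post comes down to which navigation mechanisms a page carries and which of them still fire with scripts blocked, so this Node.js sketch scans saved response headers and HTML for them. The sample headers, the sample HTML, the `/signoff-placeholder` URL and all function names are constructed for illustration.

```javascript
// Added example (Node.js): list the ways a saved response can navigate itself
// away, and mark which of them still work when script execution is blocked.

// Constructed sample, not the bank's real response. The Refresh header and the
// <noscript> META tag are placeholders added to exercise the scanner; the
// script body mirrors the signOut() handler quoted in the post.
const sampleHeaders = { "Content-Type": "text/html", "Refresh": "900; url=/signoff-placeholder" };
const sampleHtml = `<html><head>
<noscript><meta http-equiv="refresh" content="600;URL=/signoff-placeholder?timeout=Y"></noscript>
<script type="text/javascript">
var SessionTimeout = {};
SessionTimeout.signOut = function() {
  self.location = SessionTimeout.signoutUrl;
};
</script>
</head><body><p>Payments Overview</p></body></html>`;

// Parse a refresh value such as "5", "5; url=/x" or "5;URL='/x'".
function parseRefresh(value) {
  const m = /^\s*(\d+)\s*(?:[;,]\s*(?:url\s*=\s*)?["']?([^"']*)["']?)?\s*$/i.exec(value);
  return m ? { seconds: Number(m[1]), url: (m[2] || "").trim() || null } : null;
}

// Read one attribute (quoted or bare) out of a single tag's source text.
function attr(tag, name) {
  const re = new RegExp("\\b" + name + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s>]+))", "i");
  const m = re.exec(tag);
  return m ? (m[1] ?? m[2] ?? m[3]) : null;
}

function findAutoNavigation(headers, html) {
  const findings = [];
  // 1. HTTP Refresh response header: handled by the browser, no script needed.
  for (const [k, v] of Object.entries(headers)) {
    const r = k.toLowerCase() === "refresh" ? parseRefresh(v) : null;
    if (r) findings.push({ mechanism: "refresh-header", needsScript: false, ...r });
  }
  // 2. META refresh. Inside <noscript> it is only honoured when scripting is off.
  const noscript = [...html.matchAll(/<noscript\b[^>]*>[\s\S]*?<\/noscript>/gi)]
    .map((m) => [m.index, m.index + m[0].length]);
  for (const m of html.matchAll(/<meta\b[^>]*>/gi)) {
    if ((attr(m[0], "http-equiv") || "").toLowerCase() !== "refresh") continue;
    const r = parseRefresh(attr(m[0], "content") || "");
    if (!r) continue;
    const inside = noscript.some(([a, b]) => m.index >= a && m.index < b);
    findings.push({ mechanism: inside ? "meta-refresh-in-noscript" : "meta-refresh",
                    needsScript: false, ...r });
  }
  // 3. Inline script that assigns to location or calls replace()/assign().
  for (const m of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    if (/\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:replace|assign)\s*\(/.test(m[1])) {
      findings.push({ mechanism: "script-location", needsScript: true, seconds: null, url: null });
    }
  }
  return findings;
}

// Mechanisms that can still fire with JavaScript blocked.
function survivesScriptBlocking(findings) {
  return findings.filter((f) => !f.needsScript).map((f) => f.mechanism);
}

console.log(findAutoNavigation(sampleHeaders, sampleHtml));
```

Run it against the headers and body saved from an affected tab: anything returned by `survivesScriptBlocking` is a candidate for a redirect seen with scripts blocked, while a page that only reports `script-location` points at script actually executing.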

Re: Bank of America Logging Me Out Without JS?

Post by therube »

FF28 behaves likewise.
New Profile.
Install NoScript.
Set no META redirects & toggle noscript.autoReload.allTabs.
Wait.
Though oddly, not all the pages redirect all of the time?
It was just a matter of time(out).
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 SeaMonkey/2.25

Re: Bank of America Logging Me Out Without JS?

Post by therube »

Like http://forums.informaction.com/viewtopi ... 727#p68727, FF27 & NoScript 2.6.8.19rc2 works properly, does not redirect me.

So it appears to be changes in both Mozilla (FF27 vs FF28) & NoScript (2.6.8.17 vs 2.6.8.19) that are affecting one another.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 SeaMonkey/2.25
barbaz
Senior Member
Posts: 11092
Joined: Sat Aug 03, 2013 5:45 pm

Re: Bank of America Logging Me Out Without JS?

Post by barbaz »

@therube, does 2.6.8.18rc1 work properly in Gecko 29 (i.e. no alert boxes, you're not redirected,...)?
Are you still redirected like that in Gecko 29 if you don't forbid META redirections with NoScript, but instead use
about:config -> set accessibility.blockautorefresh to true?
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a2

Re: Bank of America Logging Me Out Without JS?

Post by therube »

(Just to note, I didn't test 2.6.8.18rc1, only cause when I reverted I happened to put in 2.6.8.17 & saw that worked as expected.)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 SeaMonkey/2.25

Re: Bank of America Logging Me Out Without JS?

Post by therube »

Gecko/20100101 Firefox/29.0 aka FF29.0b2

> does 2.6.8.18rc2 work properly in Gecko 29 (i.e. no alert boxes, you're not redirected,...)?

No, it is not working properly.
I am redirected.

(Second part will have to wait for another time...)
Ah, frickin' FF. It was an older 29.0a1 I was using (frickin' "magic dates" 20100101!).
b2 will have to wait.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 SeaMonkey/2.25

Re: Bank of America Logging Me Out Without JS?

Post by barbaz »

therube wrote:
> 2.6.8.18rc2
You can't test rc1, or is that a typo?
(Why not use SeaMonkey 2.26a2 build 20140317013001?)
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a2

Re: Bank of America Logging Me Out Without JS?

Post by therube »

> 2.6.8.18rc2
> You can't test rc1, or is that a typo?

It was an rc2, though I think it was in fact a typo, & was 19rc2.

> (Why not use SeaMonkey 2.26a2 build 20140317013001?)

Well I know that is affected.
(My screenshots, above, were with 2.26a2.)
Didn't test that (again) because of its (now) age.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26a2