[RESOLVED] Smugmug & Fark.com

QJ

Post by QJ »

My Noscript updated 4/25/14, and since the update, I cannot post with pictures in what is principally a picture based thread on Fark.com.
The pictures I post are hosted in a gallery on Smugmug.
The syntax necessary to show both the text of the post and a sample picture from Smugmug would be as follows...

This is a sample/test with a photo
[unfortunately, I cannot post the sample syntax for linking to embed the photo without tripping your spam filter]

The first line is the text, the second line links to the photo I want to display.
This is a weekly thread on Fark.com and I have never had trouble posting.
Since the update, NoScript has prevented me from making any posts.
From what I can discern from reading the console report, it's due to XSS in the hotlink for the picture.
That pretty much is all I can figure out and I could not figure out how to configure an exception to allow it.
I don't have the know-how.
Any suggestions or insight?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
barbaz
Senior Member
Posts: 11163
Joined: Sat Aug 03, 2013 5:45 pm

Re: Smugmug & Fark.com

Post by barbaz »

read the xss sticky in this forum
if you need help with writing the regex, post here the message from the browser console and exactly what you want to do (allow the origin or trust the destination?)
*Always* check the changelogs BEFORE updating that important software!
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26
QJ

Re: Smugmug & Fark.com

Post by QJ »

Here is (what I hope is) the pertinent message from the console after I enabled NoScript...

[NoScript XSS] Sanitized suspicious upload to [https://www.fark.com/comments/8234613/We-are-seeing-rapid-development-of-story-with-first-video-live-from-scene-in-New-York-at-first-North-American-Cat-Cafe-where-adoptable-cats-interact-with-New-Yorkers-All-new-just-in-time-for-Caturday-Livestream-in-progress###DATA###Testing+1-2-3%0D%0A%0D%0A%3Cimg+src%3D%22http%3A%2F%2Freneau.smugmug.com%2Fphotos%2Fi-q2VPQqF%2F0%2FO%2Fi-q2VPQqF.jpg%22%3E] from [http://www.fark.com/comments/8234613/We-are-seeing-rapid-development-of-story-with-first-video-live-from-scene-in-New-York-at-first-North-American-Cat-Cafe-where-adoptable-cats-interact-with-New-Yorkers-All-new-just-in-time-for-Caturday-Livestream-in-progress]: transformed into a download-only GET request.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
barbaz

Re: Smugmug & Fark.com

Post by barbaz »

yes that's the right message
you want to add to your xss exceptions

^@https?://www\.fark\.com/comments/
(blargh, encoded HTML as part of the URL?? :shock: no wonder the xss filter tripped)
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:29.0) Gecko/20100101 Firefox/29.0 SeaMonkey/2.26
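
An added example, not part of any post in this thread: JavaScript that parses the console message quoted above, decodes the form data after ###DATA### to show the HTML the filter reacted to, and checks which origins the suggested exception covers. The shortened story slug, the photos.example image URL, the function names, and the reading that an @-prefixed exception is tested against "@" plus the origin URL are assumptions.

```javascript
// Console line from the thread; story slug shortened and image URL replaced (constructed).
const LINE = '[NoScript XSS] Sanitized suspicious upload to ' +
  '[https://www.fark.com/comments/8234613/slug###DATA###Testing+1-2-3%0D%0A%0D%0A' +
  '%3Cimg+src%3D%22http%3A%2F%2Fphotos.example%2Fcat.jpg%22%3E] from ' +
  '[http://www.fark.com/comments/8234613/slug]: transformed into a download-only GET request.';

// The exception suggested in the thread.
const EXCEPTION = /^@https?:\/\/www\.fark\.com\/comments\//;

// Split the message into destination, origin and the decoded upload body.
function parseXssLine(msg) {
  const m = /upload to \[(.*?)###DATA###(.*)\] from \[(.*?)\]: /.exec(msg);
  if (!m) return null;
  let body;
  try {
    // Form data is x-www-form-urlencoded: "+" is a space, %XX is a byte.
    body = decodeURIComponent(m[2].replace(/\+/g, ' '));
  } catch (e) {
    body = m[2]; // malformed escapes: keep the raw text
  }
  return { destination: m[1], origin: m[3], body };
}

// Simplified stand-in for "the upload carries HTML"; not NoScript's real checker.
function carriesMarkup(body) {
  return /<[a-z!\/][^>]*>/i.test(body);
}

// Assumption: an "@"-prefixed exception is tested against "@" + origin URL.
function originExcepted(rx, origin) {
  return rx.test('@' + origin);
}

const req = parseXssLine(LINE);
console.log(JSON.stringify(req.body), carriesMarkup(req.body));
for (const origin of [
  req.origin,                                                  // the thread's own case
  'https://www.fark.com/comments/1/other-thread',              // same site, other thread
  'http://www.fark.com/users/someone',                         // same site, other path
  'http://www.fark.com.other.example/comments/1',              // look-alike host
  'http://other.example/?next=http://www.fark.com/comments/1', // URL only in the query
]) {
  console.log(originExcepted(EXCEPTION, origin), origin);
}
```

Under that assumption the exception covers every comment thread on www.fark.com over http or https and nothing else in the list, because the pattern is anchored at the start and requires the slash directly after the host name.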
QJ

Re: Smugmug & Fark.com

Post by QJ »

That took care of it!
Thank you so very much for your assistance!
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: Smugmug & Fark.com

Post by Thrawn »

barbaz wrote: (blargh, encoded HTML as part of the URL?? :shock: no wonder the xss filter tripped)
This is known as Vulnerable By Design...
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0