the problem is that when we have a XSS warning the browser freezes for some seconds ... very annoying
i can't mark bluekai as untrusted ... so what is the solution ?
Several HP.COM web pages trigger XSS warning
Re: Several HP.COM web pages trigger XSS warning
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Re: Several HP.COM web pages trigger XSS warning
Sorry, I misunderstood your point.gvp wrote:the problem is that when we have a XSS warning the browser freezes for some seconds ... very annoying
In that case XSS exception for requests to bluekai, coupled with an ABE rule to completely block all requests to bluekai as suggested above, is indeed the best solution. That's not dangerous because ABE would then block those requests so it doesn't matter what the XSS filter does or doesn't do, the end result is the same.
*Always* check the changelogs BEFORE updating that important software!
-
Re: Several HP.COM web pages trigger XSS warning
the point is, whenever I have a XSS warning the firefox freezes for some seconds ... and when it unfreezes the XSS warning appears ... is this normal ?barbaz wrote:Sorry, I misunderstood your point.gvp wrote:the problem is that when we have a XSS warning the browser freezes for some seconds ... very annoying
this works quite well ...barbaz wrote:In that case XSS exception for requests to bluekai, coupled with an ABE rule to completely block all requests to bluekai as suggested above, is indeed the best solution. That's not dangerous because ABE would then block those requests so it doesn't matter what the XSS filter does or doesn't do, the end result is the same.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Re: Several HP.COM web pages trigger XSS warning
I'd say it can be, other users have reported likewise. It depends what the XSS filter has to do.gvp wrote:the point is, whenever I have a XSS warning the firefox freezes for some seconds ... and when it unfreezes the XSS warning appears ... is this normal ?
gvp wrote:this works quite well ...barbaz wrote:In that case XSS exception for requests to bluekai, coupled with an ABE rule to completely block all requests to bluekai as suggested above, is indeed the best solution. That's not dangerous because ABE would then block those requests so it doesn't matter what the XSS filter does or doesn't do, the end result is the same.
*Always* check the changelogs BEFORE updating that important software!
-
Re: Several HP.COM web pages trigger XSS warning
As mentioned earlier, it would also be theoretically possible to write a surrogate designed to remove the trigger. Probably would need more investigation, but it would be quieter.
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0