Facebook Google Gadget

Dateline 4:20 · Post by **Dateline 4:20** » Tue Jul 14, 2009 7:57 am

NoScript "broke" my Facebook Google Gadget, or iGoogle, or whatever it's called.
Every time I try to load the page, it blocks what it thinks is a "suspicious" XSS attempt and I can't see my Facebook information. I tried "unsafe reload" but that didn't help. I tried adding a string "^http://*facebook.com" to the XSS area of the NoScript options, but that didn't help either.
I'd like to attach my screenshot, but I can't figure out how. I'm going to try photobucket:

OK, good, that worked.

NoScript Version is 1.9.5 on Firefox For U3 version 2.0.0.4, XP Pro SP2/1.4 MHZ Intel C2D 3.5GB RAM
Can anybody help me with this? Please?

Post by **Giorgio Maone** » Tue Jul 14, 2009 8:16 am

Try to add the following line to XSS exceptions:

Code: Select all

^@https?://api\.connect\.facebook\.com/

Guest · Post by **Guest** » Tue Jul 14, 2009 4:55 pm

it worked! thank you.

Dateline 4:20 · Post by **Dateline 4:20** » Wed Jul 15, 2009 5:41 am

If you don't mind, would you explain why it worked, in case I run into a similar problem in the future?

Post by **Giorgio Maone** » Wed Jul 15, 2009 6:12 am

Regular expression exceptions starting with ^@ exempt some origin from checks, while normal exceptions match the destination.
The rule means "Exempt from XSS checks requests originated from api.connect.facebook.com, both on http and https".

InformAction Forums

Facebook Google Gadget

Facebook Google Gadget

Re: Facebook Google Gadget

Re: Facebook Google Gadget

Re: Facebook Google Gadget

Re: Facebook Google Gadget