xss on gmail

[night]

[NoScript] Force text/plain for missing content-type on https://www.google.com/intl/pt-PT/mail/help/about.html
[NoScript InjectionChecker] JavaScript Injection in ///se/0/_/ 1/fastbutton?usegapi=1&origin=https://www.google.com&url=https://www.google.com/intl/pt-PT/mail/help/about.html&gsrc=3p&ic=1&jsh=m;/_/scs/apps-static/_/js/k=oz.gapi.pt_PT.1g-4IO2C2v8.O/m=__features__/am=AQ/rt=j/d=1/rs=AGLTcCN-eBIEiIN3HiJ4A9tPWB7HbSMXtQ#_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload&id=I0_1458241430527&parent=https://www.google.com&pfname=&rpctoken=39022211
(function anonymous() {
_methods=onPlusOne,_ready,_close,_open,_resizeMe,_renderstart,oncircled,drefresh,erefresh,onload /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Desinfectou um requerimento suspeito. O URL original [https://apis.google.com/se/0/_/+1/fastb ... n=39022211] requerido por [https://www.google.com/intl/pt-PT/mail/help/about.html]. URL desinfectada: [https://apis.google.com/#646347786676619544].)
about:blank : Unable to run script because scripts are blocked internally.

False Positive?

[barbaz]

Please test if this is the same bug(s) so many others have reported, by downgrading to NoScript 2.9.0.5rc2 and see if it works. If so, I suggest to downgrade to NoScript 2.9.0.4 until Giorgio has time to fix the bug(s).

[night]

Please test if this is the same bug(s) so many others have reported, by downgrading to NoScript 2.9.0.5rc2 and see if it works. If so, I suggest to downgrade to NoScript 2.9.0.4 until Giorgio has time to fix the bug(s).

Worked ty bro

[barbaz]

You're welcome.

[barbaz]

Does NoScript 2.9.0.6 works again?

[night]

Nop, shows the same problem...

[Giorgio Maone]

Nop, shows the same problem...

Please double check it's actually 2.9.0.6. It's working fine for me with exactly the URL you pasted above.

[night]

Its running great now ty