NoScript XSS attack aliexpress.com

Hobbix · Post by **Hobbix** » Fri Aug 04, 2017 9:35 pm

Site: aliexpress.com
When choosing any product, I get an XSS attack.

Screenshot

Post by **barbaz** » Fri Aug 04, 2017 9:43 pm

It's facebook tracking tripping the XSS filter. What's your question?

Hobbix · Post by **Hobbix** » Fri Aug 04, 2017 9:49 pm

How can I disable this warning on this site?

Post by **barbaz** » Fri Aug 04, 2017 10:01 pm

Does it go away if you block scripts for all facebook related domains?

Hobbix · Post by **Hobbix** » Sat Aug 05, 2017 1:38 pm

barbaz wrote:Does it go away if you block scripts for all facebook related domains?

Yes. When I blocked the facebook.net domain in Noscript, the XSS attack message does not appear.

Post by **Thrawn** » Mon Aug 07, 2017 12:50 am

That's probably your best choice, then. Just mark facebook.net as Untrusted.

If you find that you really need to allow facebook.net sometimes, then we can help you write an ABE rule for that.

Hobbix · Post by **Hobbix** » Mon Aug 07, 2017 10:17 am

Thrawn wrote:then we can help you write an ABE rule for that.

Please help me write a rule for ABE.

Post by **Thrawn** » Thu Aug 10, 2017 3:45 am

Probably something like this:

Code: Select all

Site .facebook.net
Anon from .aliexpress.com
Deny INC

Then whitelist facebook.net

Which site is giving you trouble when Facebook is blocked?

InformAction Forums

NoScript XSS attack aliexpress.com

NoScript XSS attack aliexpress.com

Re: NoScript XSS attack aliexpress.com

Re: NoScript XSS attack aliexpress.com

Re: NoScript XSS attack aliexpress.com

Re: NoScript XSS attack aliexpress.com

Re: NoScript XSS attack aliexpress.com

Re: NoScript XSS attack aliexpress.com

Re: NoScript XSS attack aliexpress.com