[RESOLVED] youtube xss

Ask for help about NoScript, no registration needed to post
User avatar
cartel
Junior Member
Posts: 46
Joined: Sun Jul 14, 2013 11:31 pm

[RESOLVED] youtube xss

Post by cartel » Wed Aug 23, 2017 12:43 am

Noscript is blocking hovercards today...

Code: Select all

[NoScript InjectionChecker] JavaScript Injection in youtube.watch&origin=https://www.youtube.com&usegapi=1&jsh=m;/_/scs/abc-static/_/js/k=gapi.gapi.en.ellQXbSf-LI.O/m=__features__/am=AAg/rt=j/d=1/rs=AHpOoo9jm0At0b0B7I7G3MSvlepU00mZfA#id=I0_1503447298551&parent=https://www.youtube.com&pfname=&rpctoken=37236279
(function anonymous() {
_/scs/abc-static/_/js/k==gapi.gapi.en.ellQXbSf-LI.O/m==__features__
})

[NoScript XSS] Sanitized suspicious request. Original URL [https://apis.google.com/u/0/_/hovercard/internalcard?p=36&hl=en_US&p=36&ytid=UCpaPpDzDUTzYm0t4Pa5h28Q&src=youtube.watch&origin=https%3A%2F%2Fwww.youtube.com&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fabc-static%2F_%2Fjs%2Fk%3Dgapi.gapi.en.ellQXbSf-LI.O%2Fm%3D__features__%2Fam%3DAAg%2Frt%3Dj%2Fd%3D1%2Frs%3DAHpOoo9jm0At0b0B7I7G3MSvlepU00mZfA#id=I0_1503447298551&parent=https%3A%2F%2Fwww.youtube.com&pfname=&rpctoken=37236279] requested from [https://www.youtube.com/watch?v=nYqqwsF3R04]. Sanitized URL: [https://apis.google.com/#17041864594364198338].
Image

Image
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0

barbaz
Senior Member
Posts: 9263
Joined: Sat Aug 03, 2013 5:45 pm

Re: youtube xss

Post by barbaz » Wed Aug 23, 2017 12:48 am

This looks like an issue that was fixed in NoScript 5.0.9rc2. What version of NoScript are you using?
*Always* check the changelogs BEFORE updating that important software!
-

User avatar
cartel
Junior Member
Posts: 46
Joined: Sun Jul 14, 2013 11:31 pm

Re: youtube xss

Post by cartel » Wed Aug 23, 2017 12:56 am

barbaz wrote:This looks like an issue that was fixed in NoScript 5.0.9rc2. What version of NoScript are you using?
5.0.6...I'll give it a try, just showed up today.
thanks

Code: Select all

Name 	Pale Moon
Version 	27.4.2
Build ID 	20170821181241
Update History 	
Update Channel 	default
User Agent 	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
OS 	Windows_NT 6.1
Multiprocess Windows 	0/3 (default: false)
Safe Mode 	false

Extensions
Name 	Version 	Enabled 	ID
NoScript	5.0.6	true	{73a6fe31-595d-460b-a920-fcc0f8843232}
NoSquint	2.1.9.1-signed.1-signed	true	nosquint@urandom.ca
Pale Moon Commander	1.7.3	true	commander@palemoon.org
RefControl	0.8.17.1-signed.1-signed	true	{455D905A-D37C-4643-A9E2-F6FEFAA0424A}
uBlock Origin	1.13.4	true	uBlock0@raymondhill.netName 	Pale Moon
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0

User avatar
cartel
Junior Member
Posts: 46
Joined: Sun Jul 14, 2013 11:31 pm

Re: youtube xss

Post by cartel » Wed Aug 23, 2017 12:58 am

Yes fixed, thank you

5.0.9
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0

Post Reply