Repeated XSS warnings

sage11

Post by sage11 »

Please forgive me if this has been posted. I tried searching and came up with nothing.

Currently using NoScript and FF 57.0.4, but this issue started immediately when NoScript was able to launch with FF57. The XSS warning will *constantly* *repeatedly* prompt on some sites, no matter if I choose block, sanitize, allow, or always allow. Sometimes it will go away after 3-5 clicks, but sometimes I click the X to close the window 10+ times and it will not close.

I can't figure out the reason. For example, I am sure I've whitelisted tumblr.com in NS, but it still happens.

I tried searching this forum for XSS and it returns zero results (oddly), so again, please forgive me if I'm missing a post on this. I'm sure I'm missing some simple setting. TIA!
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
barbaz
Senior Member
Posts: 11138
Joined: Sat Aug 03, 2013 5:45 pm

Re: Repeated XSS warnings

Post by barbaz »

sage11 wrote: I tried searching this forum for XSS and it returns zero results (oddly),
That's what the red color portion of my sig is about.

Is this same issue as https://forums.informaction.com/viewtop ... =7&t=24423 ?
*Always* check the changelogs BEFORE updating that important software!
-
sage11

Re: Repeated XSS warnings

Post by sage11 »

Thanks, barbaz. Not sure that topic is exactly what I'm encountering, but sounds quite close. I'm not opening from bookmarks, but I do think this happens only on pages I've saved through the (new to me) Tab Session Manager which are bookmarks in a way, no? If I encounter anything different, I'll note it. Happy to wait and see if the fix being investigated relates to what I'm seeing. Thanks again.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
Giorgio Maone
Site Admin
Posts: 9546
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Repeated XSS warnings

Post by Giorgio Maone »

Those which happen on Tumblr should be fixed in 10.1.6.3 (i.e. you should be able to set them to "Allow always" or "Block always" and be honored).
If not, could you please provide more details by copy & pasting the middle part of the warning you get? Thanks!
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
sage11

Re: Repeated XSS warnings

Post by sage11 »

Thanks, Giorgio. Good to know the tumblr piece will be fixed in the next launch.

Here's a link from someecards.com I just clicked, as another example (created from newly launched tab so cancels my idea of tab session manager being related). Whitelisting base domain and all the facebook options in NS doesn't appear to have any effect.

"NoScript detected a potential Cross-Site Scripting attack
from https://www.someecards.com to https://www.facebook.com.
Suspicious data:
URIError: malformed URI sequence,(URL) https://www.facebook.com/plugins/commen ... &width=100%"
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
sage11

Re: Repeated XSS warnings

Post by sage11 »

AFTER scouring the options to whitelist, I noticed "connect.facebook.net" not added, so when I did that, the message changed (still pops back up repeatedly no matter what I choose):

"NoScript detected a potential Cross-Site Scripting attack
from https://www.someecards.com to https://www.facebook.com.
Suspicious data:
URIError: malformed URI sequence,(URL) https://www.facebook.com/plugins/commen ... &width=100%"

I hope this helps. Let me know if I can provide more details.
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
Giorgio Maone
Site Admin
Posts: 9546
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: Repeated XSS warnings

Post by Giorgio Maone »

Please check latest development build, thanks:
v 10.1.6.4rc1
=============================================================
x [XSS] Fixed false positives on badly encoded URLs (thanks
sage11 for reporting)
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
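
What the "URIError: malformed URI sequence" in the warnings quoted above means in practice, as an added example that is not from the thread and not NoScript's code: a URL ending in a bare `%` (like `&width=100%`) makes JavaScript's `decodeURIComponent` throw, and a filter can decode tolerantly and report the bad encoding separately instead of flagging it as an attack. The sample URL and the names `tolerantDecode`, `looksLikeMarkup` and `inspect` are hypothetical; how NoScript 10.1.6.4rc1 actually fixed this is not shown in the thread.

```javascript
// Added illustration; not NoScript's code. SAMPLE_URL is constructed.
const SAMPLE_URL =
  "https://widgets.example/plugins/comments?href=https%3A%2F%2Fsite.example%2Fpost&width=100%";

// Strict decoding: the standard API throws URIError on the bare trailing "%".
function strictDecode(s) {
  try {
    return { ok: true, value: decodeURIComponent(s) };
  } catch (e) {
    if (e instanceof URIError) return { ok: false, error: e.name };
    throw e;
  }
}

// Tolerant decoding: decode every run of well-formed %XX escapes and leave
// any "%" that does not start a valid escape untouched.
function tolerantDecode(s) {
  return s.replace(/(?:%[0-9A-Fa-f]{2})+/g, (run) => {
    try {
      return decodeURIComponent(run);
    } catch (e) {
      // Valid hex but invalid UTF-8 (e.g. "%FF"): decode byte by byte so
      // nothing stays hidden from the check that follows.
      return run.replace(/%([0-9A-Fa-f]{2})/g, (_, h) =>
        String.fromCharCode(parseInt(h, 16)));
    }
  });
}

// Hypothetical, deliberately simple check run on the *decoded* text.
function looksLikeMarkup(s) {
  return /<\s*script\b/i.test(s);
}

// A decode failure is reported on its own and is not, by itself, a finding.
function inspect(url) {
  const strict = strictDecode(url);
  const decoded = strict.ok ? strict.value : tolerantDecode(url);
  return {
    malformedEncoding: !strict.ok,
    suspicious: looksLikeMarkup(decoded),
    decoded,
  };
}

console.log(inspect(SAMPLE_URL));
```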
sage11

Re: Repeated XSS warnings

Post by sage11 »

Wow, I even got a nod for helping to report. ;) Thanks! :)
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0