NoScript v10: XSS Warning and Suspicious data: window.name

Ask for help about NoScript, no registration needed to post
Post Reply
daniel4859

NoScript v10: XSS Warning and Suspicious data: window.name

Post by daniel4859 »

Hello. I decided to create a new thread about NoScript XSS Warning, because of a [FIXED] mark for a previous one (see; "[FIXED] Constant XSS Warnings"). I just don't know if Mr Maone saw my post about window.name type of suspicious data etc. So, here it's:

Mr Maone, you have written, that "Some or all of these issues (those with the "TypeError: ic is undefined" message) should be fixed...", right? However, I would like to write about one more type of such a warning. It's about google.com website and detected a potential Cross-Site Scripting Attack. Lets see:

Code: Select all

NoScript XSS Warning

    NoScript detected a potential Cross-Site Scripting attack
    from [...] to https://google.com.
    Suspicious data:
    window.name

                     (o) Sanitize this request
                     ( ) Always block document requests from [...] to https://google.com
                     ( ) Allow this request
                     ( ) Always allow document requests from [...] to https://google.com
As we can see, above popup warning window is different from those mentioned earlier in mentioned thread etc. (see; "[FIXED] Constant XSS Warnings"). In this case suspicious data is: 'window.name' (not 'TypeError: ic is undefined') and there is an option to 'Sanitize this request' (instead of 'Block this request') etc.

A couple of weeks ago, I've had such a situation with NoScript XSS Warning. One with Suspicious data ('TypeError: ic is undefined,(URL)', which is now fixed; see; "[FIXED] Constant XSS Warnings" thread) and second one with a different data, which is mentioned above.

So, I would like to ask Mr Maone if window.name issue is also fixed in latest Development version? I'm aksing, because vincentadultman user had wrote, that he reproduced this error on qubes-os.org website.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0
Top
User avatar
Giorgio Maone
Site Admin
Posts: 9538
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy
Contact:
Contact Giorgio Maone

Re: NoScript v10: XSS Warning and Suspicious data: window.na

Post by Giorgio Maone »

Please check latest development build,
v 10.1.6.5rc2
=============================================================
x [XSS] More specific and unobtrusive handling of window.name
sanitization

Thank you.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Top
Post Reply

Return to “NoScript Support”