I'm trying to enter an XSS exception for a site where NoScript seems to be blocking successful logins, but I can't find the exceptions page or form in the NoScript options.
When I click Settings -> Advanced Tab,all I see is a greyed area with the tabs on top, then a check-box saying "Sanitize cross-site suspicious requests" with a button "Clear XSS Choices" which I haven't clicked.
Then under that is a line, and another greyed area with a check-box saying "Debug".
Shouldn't there be a field here for me to enter my exceptions?
I know I've already entered on exception myself a year or so ago.
I'm using FF 59.0.2 with NoScript 10.1.7.5.
Where is the XSS Exceptions form?
Where is the XSS Exceptions form?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Where is the XSS Exceptions form?
Moving to NoScript Development because I don't think there is a XSS Exceptions form yet.
*Always* check the changelogs BEFORE updating that important software!
-
Re: Where is the XSS Exceptions form?
Oh, I see - there used to be one before the big upgrade - I remember entering a regular expression for my bank's URL to stop NoScript killing the XSS-style stuff it was doing.
I assume that setting is still in the config somewhere since my banking website still works - or maybe not. Is there a setting I can set manually then?
I assume that setting is still in the config somewhere since my banking website still works - or maybe not. Is there a setting I can set manually then?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Where is the XSS Exceptions form?
As a workaround, you can export your NS settings, edit the XSS exceptions manually, then import the modified config back.
*Always* check the changelogs BEFORE updating that important software!
-
Re: Where is the XSS Exceptions form?
OK, I'll give that a try.
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Where is the XSS Exceptions form?
I checked in my prefs.js and I couldn't find any reference to my bank website which NoScript had disabled last year.
I have the XSS checkbox checked, so I'm not sure what NoScript is doing.
I also discovered that actually NoScript is not blocking the website I'm having problems with - it is in fact the TreeTabs add-in, bizarrely.
While I'm here though, what does NoScript do with XSS? Is it done on each suspected XSS request? I see a few of those and I can allow or forbid them individually. Has that replaced the list form of regex patterns of earlier versions?
I have the XSS checkbox checked, so I'm not sure what NoScript is doing.
I also discovered that actually NoScript is not blocking the website I'm having problems with - it is in fact the TreeTabs add-in, bizarrely.
While I'm here though, what does NoScript do with XSS? Is it done on each suspected XSS request? I see a few of those and I can allow or forbid them individually. Has that replaced the list form of regex patterns of earlier versions?
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Re: Where is the XSS Exceptions form?
NoScript 10 just blocks the request containing the XSS attempt - https://hackademix.net/2017/12/01/noscr ... ment-39541ahardy42 wrote:what does NoScript do with XSS?
I think you should be prompted unless you have a "Always allow" or "Always block" rule.ahardy42 wrote:Is it done on each suspected XSS request?
*Always* check the changelogs BEFORE updating that important software!
-