Hello all,
First of all, I’d like to say that I adore this extension and I don’t understand how I went years without it. So thanks bunches for it.
So here’s the issue:
There has been two occasions semi-recently in which I’ve gotten XSS warning pop-ups after permitting certain scripts (that seemed to be necessary for the sites to function) and reloading the page- but the popup just disappears after a few seconds! It does not even load to show me what it is detecting, it is just blank white and disappears. When I check my history, it is indeed an XSS warning from Noscript.
So… what’s up with this? Were these potential attacks blocked or did they make their way through (I did clear my cookies after both incidents)? Could it be another extension or app or even Firefox itself suppressing the warnings? It has happened on both tripadvisor (I forget after which script was allowed) and on disneyworld.disney.go.com after allowing the ‘wdpromedia’ script.
I have to log on to the latter website soon, as my best friend and I are planning our vacation right now, and that website doesn’t seem to work without allowing ‘wdpromedia’… Is it safe?
Thanks for any and all help.
XSS warnings disappear after a few seconds?
-
Just a guest
XSS warnings disappear after a few seconds?
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
Re: XSS warnings disappear after a few seconds?
Cannot reproduce the blank disappearing popup. On the disneyworld page, I got an XSS dialog that says this -
(Well, I saw it once, but going there a second time I didn't see any XSS warning.)
I don't think this is actual XSS. It's related to some ad on that page.
If you want further help, could you please go to NoScript Options > Export, and post or PM me the contents of the export file?
Code: Select all
NoScript detected a potential Cross-Site Scripting attack
from https://2789293.fls.doubleclick.net to https://adservice.google.com.
Suspicious data:
(URL) https://adservice.google.com/ddm/fls/i/src=2789293;type=wdwus722;cat=lyler868;u20=USD;u22=PROD;u1=anonymous;u2=Guest;u3=STD_GST;u19=18536773935930368851760513930106141733;u21=/;ord=1;num=1550620392541695;_dc_1=1;~oref=https://disneyworld.disney.go.com/I don't think this is actual XSS. It's related to some ad on that page.
If you want further help, could you please go to NoScript Options > Export, and post or PM me the contents of the export file?
*Always* check the changelogs BEFORE updating that important software!
-