InformAction Forums

This shouldn't make any difference, but try:

Thrawn,
I was possibly editing my last post, now on page 1, when you posted. I saw another url in the log and tried something else but it didn't work.

What will entering the url 3 times do?

planet222

Oh, the key part of the message got lost in your previous post. You need this rule

barbaz,
That seemed to do the trick. Thank you.
Now what exactly does this code in ABE protect me from?

regards,planet222

All cross-site requests. So, it won't be possible for someone to set up a trap site that will XSS the mortgage site when you visit the trap. CSRF will be blocked too.

Thank you both for your assistance. I feel much more secure now. Just so I understand the sequence of this occurrance. When I visited the site and noscript flagged the XSS and wouldn't allow me to log in, no script was identifying the XSS vulnerability in the site's code (correct?). Then, in order to access the site, I needed to create the exemption on the XSS exemption tab. Finally, in order to secure my browser against attack, I needed the codes in ABE.

Now, if someone set up a trap, would the site still function for my firefox browser but noscript sandbox my interaction from harm?

planet222 wrote:When I visited the site and noscript flagged the XSS and wouldn't allow me to log in, no script was identifying the XSS vulnerability in the site's code (correct?). Then, in order to access the site, I needed to create the exemption on the XSS exemption tab. Finally, in order to secure my browser against attack, I needed the codes in ABE.

Yes.

Now, if someone set up a trap, would the site still function for my firefox browser but noscript sandbox my interaction from harm?

Pretty much, yes. The mortgagequestions site can keep sending requests to itself, no problems, but other sites are forbidden to do so.