Page 2 of 4
Re: New gmx web interface
Posted: Wed May 21, 2014 7:50 pm
by dood_97
Thanks for this quick update,
Is it possible to add some gmx derivatives address?
Like gmx.fr, gmx.net, caramail.com, caramail.fr...
Would be nice for non-english speaking users of gmx who do not connect through the gmx.com portal.
Re: New gmx web interface
Posted: Wed May 21, 2014 8:29 pm
by Giorgio Maone
dood_97 wrote:
Like gmx.fr, gmx.net, caramail.com, caramail.fr...
Would be nice for non-english speaking users of gmx who do not connect through the gmx.com portal.
Ouch, I wasn't aware of such ramifications
Is an exhaustive list available anywhere?
Could you please provide me with some [NoScript XSS] or [Injection Checker]
Error Console (Ctrl+Shift+J) messages like the one reported by the OP?
Re: New gmx web interface
Posted: Wed May 21, 2014 9:38 pm
by dood_97
I didn't find an exhaustive list, I found same troubles with:
- gmx.co.uk
- gmx.es
- gmx.fr
- gmx.us
- mail.com
- caramail.com
- caramail.fr
Other addresses -> redirect to gmx.com (so ok now) or gmx.net (another portal)
Code: Select all
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.co.uk/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.co.uk /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.co.uk/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29%2%28dataCenter%29.gmx.co.uk%2Flogin] depuis [https://gmx.co.uk/] : transformé en une simple requête de téléchargement GET.
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.es/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.es /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.es/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.es%2Flogin] depuis [https://gmx.es/] : transformé en une simple requête de téléchargement GET.
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.fr/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.fr /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.fr/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.fr%2Flogin] depuis [https://gmx.fr/] : transformé en une simple requête de téléchargement GET.
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).mail.com/login
(function anonymous() {
$(clientName)-$(dataCenter).mail.com /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.mail.com/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.mail.com%2Flogin] depuis [https://mail.com/int/] : transformé en une simple requête de téléchargement GET.
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).caramail.com/login
(function anonymous() {
$(clientName)-$(dataCenter).caramail.com /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.caramail.com/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.caramail.com%2Flogin] depuis [https://caramail.com/] : transformé en une simple requête de téléchargement GET.
Re: New gmx web interface
Posted: Fri May 23, 2014 7:52 pm
by Luigi
I still have to login twice at times. What should I check?
Re: New gmx web interface
Posted: Fri May 23, 2014 8:40 pm
by Giorgio Maone
Please try with
latest development build 2.6.8.26rc1.
If the problem persists, please recheck your
Error Console (Ctrl+Shift+J).
Re: New gmx web interface
Posted: Sat May 24, 2014 11:02 am
by dood_97
With 2.6.8.26rc1:
gmx.co.uk
Code: Select all
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.co.uk/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.co.uk /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.co.uk/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.co.uk%2Flogin] depuis [https://www.gmx.co.uk/] : transformé en une simple requête de téléchargement GET.
L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place.
gmx.es
Code: Select all
L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place. lib-head-final.js:2
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.es/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.es /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.es/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.es%2Flogin] depuis [https://www.gmx.es/] : transformé en une simple requête de téléchargement GET.
L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place.
gmx.fr
Code: Select all
L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place. lib-head-final.js:2
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.fr/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.fr /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.fr/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.fr%2Flogin] depuis [https://www.gmx.fr/] : transformé en une simple requête de téléchargement GET.
L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place.
gmx.us -> OK
mail.com -> OK
caramail.com
Code: Select all
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.fr/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.fr /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.fr/login#.1559608-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.fr%2Flogin] depuis [http://caramail.com/] : transformé en une simple requête de téléchargement GET.
L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place.
caramail.fr
Code: Select all
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.fr/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.fr /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Nettoyé téléversement suspicieux vers [https://login.gmx.fr/login#.1556788-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.fr%2Flogin] depuis [http://caramail.fr/] : transformé en une simple requête de téléchargement GET.
L'utilisation de « getPreventDefault() » est obsolète. Utiliser « defaultPrevented » à la place.
You can see those messages even if you don't have an account @gmx when attempting to login, You should normally be redirect to an invalid Email address / password combination but it doesn't because of the cross-site scripting warning, if you want to test.
Re: New gmx web interface
Posted: Wed May 28, 2014 6:58 am
by Luigi
I keep having to login twice. I couldn't find anything of interest in the console (after the first login I get redirected to the login page without any error).
Is there anything else I can do?
Re: New gmx web interface
Posted: Thu May 29, 2014 10:22 pm
by Giorgio Maone
Please check
latest development build 2.6.8.27rc1, thanks.
Re: New gmx web interface
Posted: Sun Jun 01, 2014 11:18 am
by Luigi
No change.
I can't always reproduce it, though.
Re: New gmx web interface
Posted: Mon Jun 23, 2014 1:18 pm
by Luigi
Thread bump and update: I keep having to login twice, but only on linux (even with the last RC).
Re: New gmx web interface
Posted: Mon Jun 23, 2014 5:16 pm
by barbaz
Luigi wrote:Thread bump and update: I keep having to login twice, but only on linux (even with the last RC).
Next time it fails, please post here any related messages you see in the Browser Console (Ctrl-Shift-J).
(if you don't know what's related, turn off CSS warnings and post whatever is left)
Re: New gmx web interface
Posted: Tue Jun 24, 2014 6:10 am
by dood_97
Same thing here, have to log-in twice (NoScript 2.6.8.29)
first attempt -> go back to gmx page
second: message that I forgot to sign out of my last session.
After no problems to connect until browser restart.
Nothing more significant in the console.
Maybe related to js-ui.portal.de (?)
Re: New gmx web interface
Posted: Tue Jun 24, 2014 10:58 am
by Giorgio Maone
dood_97 wrote:Same thing here, have to log-in twice (NoScript 2.6.8.29)
first attempt -> go back to gmx page
second: message that I forgot to sign out of my last session.
After no problems to connect until browser restart.
Nothing more significant in the console.
Maybe related to js-ui.portal.de (?)
Surely, looking at the console it doesn't seem a XSS-related thing anymore.
Does the problem go away if you disable NoScript?
What if you use "Allow scripts globally"?
What about "Allow all on this page"?
Re: New gmx web interface
Posted: Thu Jun 26, 2014 10:49 am
by Luigi
barbaz wrote:Luigi wrote:Thread bump and update: I keep having to login twice, but only on linux (even with the last RC).
Next time it fails, please post here any related messages you see in the Browser Console (Ctrl-Shift-J).
(if you don't know what's related, turn off CSS warnings and post whatever is left)
Here it is:
Code: Select all
POST https://login.gmx.com/login#.###DATA###-header-login1-1 [HTTP/1.1 302 Found 552ms]
POST http://ocsp.thawte.com/ [HTTP/1.1 200 OK 127ms]
GET https://navigator-bs.gmx.com/login [HTTP/1.0 302 Found 470ms]
POST http://ocsp.thawte.com/ [HTTP/1.1 200 OK 78ms]
GET https://navigator-bs.gmx.com/navigator/feature_detection [HTTP/1.0 200 OK 314ms]
GET https://navigator-bs.gmx.com/remindlogout [HTTP/1.0 200 OK 302ms]
GET https://navigator-bs.gmx.com/favicon.ico [HTTP/1.0 302 Found 263ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/img/misc/logout_visual_english.png [HTTP/1.1 200 OK 94ms]
GET https://www.gmx.com/favicon.ico [HTTP/1.1 301 Moved Permanently 355ms]
GET https://navigator-bs.gmx.com/navigator/show [HTTP/1.0 200 OK 334ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/css//navigator/default_gmx.css [HTTP/1.1 200 OK 58ms]
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/img//navigator//loading.gif [HTTP/1.1 200 OK 174ms]
GET https://sec-s.uicdn.com/nav-cdn/shared/jquery/1.7.1/jquery-1.7.1.min.js [HTTP/1.1 200 OK 216ms]
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/js//navigator/navigator.min.js [HTTP/1.1 200 OK 225ms]
GET https://sec-s.uicdn.com/nav-cdn/favicon_gmx.ico [HTTP/1.1 200 OK 61ms]
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/img//navigator//background_verlauf.png [HTTP/1.1 200 OK 63ms]
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/img//navigator//gmx_icon_sprite.png [HTTP/1.1 200 OK 91ms]
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/img//navigator//feedback_lasche.png [HTTP/1.1 200 OK 94ms]
GET https://sec-s.uicdn.com/nav-cdn/navigator-mailint/1.8.3/img/p.gif [HTTP/1.1 200 OK 52ms]
GET https://trackbar.navigator-bs.gmx.com/ [HTTP/1.0 200 OK 712ms]
GET https://home.navigator-bs.gmx.com/home/show [HTTP/1.0 200 OK 453ms]
GET https://3c-bs.gmx.com/mail/client/start;jsessionid=###DATA### [HTTP/1.1 200 OK 762ms]
POST http://ocsp.thawte.com/ [HTTP/1.1 200 OK 396ms]
POST http://ocsp.thawte.com/ [HTTP/1.1 200 OK 506ms]
POST http://ocsp.thawte.com/ [HTTP/1.1 200 OK 152ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://home.navigator-bs.gmx.com/home/show [HTTP/1.0 200 OK 376ms]
GET https://sec-s.uicdn.com/nav-cdn/home/preloader.gif [HTTP/1.1 200 OK 60ms]
GET https://sec-s.uicdn.com/nav-cdn/shared/jquery/1.8.2/jquery-1.8.2.js [HTTP/1.1 200 OK 190ms]
GET https://sec-s.uicdn.com/nav-cdn/home/preloader-background.png [HTTP/1.1 200 OK 69ms]
GET https://js.ui-portal.de/c/eic/eic.js [HTTP/1.1 200 OK 342ms]
GET https://trackbar.navigator-bs.gmx.com/ [HTTP/1.0 200 OK 510ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://js.ui-portal.de/apps/shared/jquery/1.7.1/jquery-1.7.1.min.js [HTTP/1.1 200 OK 583ms]
GET https://js.ui-portal.de/apps/navigator-common/iac/client/3.1.0/iac.client-3.1.0.min.js [HTTP/1.1 200 OK 1024ms]
GET https://js.ui-portal.de/apps/trackbar/2.6.0/trackbar-package.js [HTTP/1.1 200 OK 769ms]
GET https://sec-s.uicdn.com/nav-cdn/navigator-common/iac/client/4.0.0/iac.client-4.0.0.min.js [HTTP/1.1 200 OK 68ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://3c-bs.gmx.com/mail/client/start;jsessionid=###DATA### [HTTP/1.1 302 Found 162ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/en/js/language-vEr-61363937346465.js [HTTP/1.1 200 OK 146ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/css/denselyintenseblue-top-bundle-vEr-3738376564393664.css [HTTP/1.1 200 OK 145ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/css/denselyintenseblue-base-bundle-vEr-3561363434323635.css [HTTP/1.1 200 OK 152ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/css/denselyintenseblue-ua-ff-bundle-vEr-3630616439323563.css [HTTP/1.1 200 OK 156ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/js/head-vEr-6132363136346137.js [HTTP/1.1 200 OK 161ms]
GET https://js.ui-portal.de/apps/shared/jquery/1.8.3/jquery-1.8.3.min.js [HTTP/1.1 200 OK 1124ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/js/core-vEr-3465316631633336.js [HTTP/1.1 200 OK 283ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/js/jqueryui-vEr-6630336635343631.js [HTTP/1.1 200 OK 303ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/js/behavior-vEr-3361383133373438.js [HTTP/1.1 200 OK 375ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/js/external-vEr-33636566343532.js [HTTP/1.1 200 OK 344ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://3c-bs.gmx.com/mail/client/iac/restart;jsessionid=###DATA### [HTTP/1.1 200 OK 130ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://js.ui-portal.de/apps/navigator-common/iac/eic.iac.mapping.js [HTTP/1.1 200 OK 479ms]
GET https://sec-s.uicdn.com/3c-cdn/mail/client/wicket/resource/static-res/---/mc/img/spinner_blue-cdcfb4b0.gif [HTTP/1.1 200 OK 108ms]
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://sec-s.uicdn.com/nav-cdn/home-mailint/1.6.3/js/cockpit/cockpit.min.js [HTTP/1.1 200 OK 91ms]
GET https://img.ui-portal.de/wa/t.gif [0ms]
GET https://img.ui-portal.de/wa/t.gif [0ms]
GET https://img.ui-portal.de/wa/t.gif [0ms]
[NoScript HTTPS] Forced URI https://www.gmx.com/
GET https://www.gmx.com/ [HTTP/1.1 200 OK 252ms]
GET https://home.navigator-bs.gmx.com/home/getmodule/###DATA### [HTTP/1.0 200 OK 388ms]
Use of getPreventDefault() is deprecated. Use defaultPrevented instead. jquery-1.8.3.min.js:2
Use of getUserData() or setUserData() is deprecated. Use WeakMap or element.dataset instead. requestNotifier.js:63
GET https://px.wa.ui-portal.de/gmx/gmx-com/s [HTTP/1.1 200 OK 332ms]
Re: New gmx web interface
Posted: Thu Jun 26, 2014 8:32 pm
by Giorgio Maone
Are you forcing HTTPS on gmx via NoScript?
What if you don't?