InformAction Forums

Posted: **Fri Sep 25, 2015 10:36 pm**

I meant whether there's the messages in the console / whether the XSS filter actually takes any action, in 2.6.9.27

Posted: **Sun Sep 27, 2015 11:00 pm**

They're polluting window.name :s, but it's hard to say at a glance whether they're actually exposing themselves to XSS...

Posted: **Mon Sep 28, 2015 4:05 pm**

@therube: do the older NS XSS filter get tripped like current NS?

No.

Posted: **Fri Oct 02, 2015 7:26 pm**

therube wrote:The slowdown appears to be related to:

chat.nwolb.com

Placing that on the Untrusted list seems to work-around the issue.
(But if you needed "chat", suppose it wouldn't work .)

And this seems to be happening a lot, of late, & in particular with banks; bankofamerica, lloydstsb, & now here.

Why?
Is it something to do with 2.6.9.37 or just crap being loaded into "banks".

Hi. Newb here. I'm having the same problem with chat.nwolb.com. How do I put it on the Untrusted list? Thanks.

Posted: **Fri Oct 02, 2015 7:36 pm**

safemist wrote: chat.nwolb.com. How do I put it on the Untrusted list

NoScript menu > Untrusted > Mark chat.nwolb.com as Untrusted

if you don't see it there,
NoScript Options > Appearance, check "Full Domains"
(and, if needed, Forbid nwolb.com first, then re-allow it after)

Posted: **Fri Oct 02, 2015 8:16 pm**

Thanks! Just to be clear about how this works:

If chat.nwolb.com is a subdomain of nwolb.com, and I untrust chat.nwolb.com, but allow nwolb.com, will I be allowing all of nwolb.com EXCEPT for chat.nwolb.com? Does it recognize the exception? I'm not sure how many of the scripts I need to get full function or I'd block everything.

Is there (or will there be) a general blacklist function somewhere, like the whitelist in reverse?

Thanks again!

Posted: **Fri Oct 02, 2015 8:21 pm**

safemist wrote:If chat.nwolb.com is a subdomain of nwolb.com, and I untrust chat.nwolb.com, but allow nwolb.com, will I be allowing all of nwolb.com EXCEPT for chat.nwolb.com?

Yes

safemist wrote:Is there (or will there be) a general blacklist function somewhere, like the whitelist in reverse?

This is exactly what the Untrusted list feature is.

Posted: **Wed Oct 07, 2015 10:22 am**

barbaz wrote:
safemist wrote: chat.nwolb.com. How do I put it on the Untrusted list
NoScript Options > Untrusted > Mark chat.nwolb.com as Untrusted

if you don't see it there,
NoScript Options > Appearance, check "Full Domains"

Please provide more details on how to do this. Surely it should be trivially simple, but... there is no "Untrusted" tab at the top level of Options in my installation of NoScript, and the one on the Advanced tab has nowhere to input a domain. Checking Full Domains on the Appearance tab has no noticeable effect.

P.S. I notice that when this problem occurs NoScript reports that it is blocking scripts from the IP address of the WAN port of my internet router!?

P.P.S. Changing noscript.untrusted in about:config from empty to "chat.nwolb.com" does the trick - but I would very much prefer to do this via the normal NoScript Options UI.

JPL

Posted: **Wed Oct 07, 2015 2:27 pm**

Oops... I meant to say NoScript menu, not Options. Sorry about that.

Posted: **Wed Oct 07, 2015 2:38 pm**

Ah, I see. OK.

Thanks for the prompt reply.

JPL

InformAction Forums

Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking

Re: Long page open delays using NatWest Online Banking