XSS yellow bars

[Jojo999]

This seems machine dependent to me, because for me all provided links in this topic work for me.

FF14
NoScript V2.4.9
location: Germany

Cheers,
Dany

The problem isn't that the links aren't working, it was that I was seeing NS XSS errors when I went to these sites.

[therube]

And you're running what, NoScript >= 2.5 ?

Believe it's going to need some more fiddling before things settle down.

[Jojo999]

And you're running what, NoScript >= 2.5 ?

Believe it's going to need some more fiddling before things settle down.

Running 2.4.9

I'm OK with the fiddling if that is what I have to do. What I did not understand was why domains that have been allowed for some time suddenly started producing XSS errors.

[DanyR]

This seems machine dependent to me, because for me all provided links in this topic work for me.

FF14
NoScript V2.4.9
location: Germany

Cheers,
Dany

The problem isn't that the links aren't working, it was that I was seeing NS XSS errors when I went to these sites.

Yep, and with "link is working for me" I meant that I'm not getting any XSSes... That strikes me weird. I - and probably just I - just have a similar problem with XSS with login.live.com and all visualstudiogallery.msdn.microsoft.com sites - but only when logged in...

Cheers,
Dany

[therube]

No I meant fiddling by Giorgio.

BTW, while yimg.com was the source of (one of) your earlier issue, & not allowing it does get around the issue, thinking you're going to find more cases where it will be needed.

[Jojo999]

No I meant fiddling by Giorgio.

BTW, while yimg.com was the source of (one of) your earlier issue, & not allowing it does get around the issue, thinking you're going to find more cases where it will be needed.

Yup. Just found that internal TABS on the TOP STORIES section of my custom home page on Yahoo don't work unless I enable l.yimg.com. So it is back on and enabled now.

[therube]

> OK, forbidding blueakai worked on the Marketwatch site.

I see that bluekai.com turns up on http://www.verizonwireless.com/b2c/index.html & as soon as I allow bluekai.com, I'm hit with an XSS warning.

[GµårÐïåñ]

I don't care to help you anymore because 1) you have shown your great ignorance, 2) shown you don't deserve the help, and 3) don't have the required comprehension to get it. But just for the record, you are STILL using a theme, not in Fx, but certainly in windows, as last time I checked there is no PINK version of windows. System level themes are even worse in many cases, specially if the application uses system based colors and controls and they result in unexpected or unnecessary changes. If you don't think that themes are a feasible problem, then you don't know jack. As proven by you saying that because it happens on SOME pages and not all, it can't be an extension conflict, you couldn't be more wrong. If you think you know better, then leave and fix it on your own, but if you are asking us, then we must know something about it that you don't, otherwise we wouldn't suggest it.

[GµårÐïåñ]

This seems machine dependent to me, because for me all provided links in this topic work for me.

FF14
NoScript V2.4.9
location: Germany

Cheers,
Dany

It works for all of us too but the user seems to insist and think they are special. We do everything we can including breaking normal function to reproduce issues so we can help and yet the user thinks its all just shot in the dark catch all crap that has nothing to do with him. Not to mention he is using 3.x which puts him at the outer edge of basic compatibility and support, so he might very well be affected because he is using an old browser that can't play nice with newer protocols that many sites use.

[DanyR]

OK, one last try (I know that I'm hopeless).

Just recently I narrowed it down by running FF with -P (profiles) and created a new profile. Then I installed only NoScript and tried my sites with problems I had. Everything was working until I enabled scripts for a certain site (actually the main site) when it finally broke.
Then, by providing enough information (console log, "unsafe reload" dialog content) I got a RegEx which actually worked.

@ Jojo999: please give us a chance to help you...

Cheers,
Dany

[Giorgio Maone]

Please check latest development build 2.5rc3, which should work-around the Yahoo! issue (due to them passing Base64-encoded HTML cross-domain, from news.yahoo.com to yimg.com).

[GµårÐïåñ]

[Content removed by the Administrator, because it belongs into a private conversation]