ebay search failures

[blackheart42]

I'm having a problem with ebay searches using Firefox 17.0 and NoScript 2.6.2. I've searched the forum and the FAQ, but couldn't find anything.

If my ebay search includes one set of brackets for a logical OR, it works fine. If there are more than one set of brackets for two or more logical OR functions, all brackets are replaced by spaces. This occurs if a successful search is loaded from a bookmark or copied/pasted to the address bar. Disabling NoScript clears the problem. The problem didn't exist under NoScript 4.4.

[therube]

Can you posts searches that work & that don't?

[blackheart42]

Can you posts searches that work & that don't?

I should've done that in the first place, shouldn't I?

Copy the following into the search box at ebay.com and hit enter:

(cesium,rubidium)

ebay interprets this as <cesium OR rubidium>

Reload and Shift-Reload work as expected.

Copy the URL and Paste-and-Go. Works as expected.

Now copy the following into the search box and hit enter:

(cesium,rubidium) (oscillator,standard)

ebay interprets this as <cesium OR rubidium> AND <oscillator OR standard>

Reload and Shift-Reload work as expected.

Copy the URL and Paste-and-Go. Instead of finding over 100 items, none are found. But look in the search box. All you see is:

cesium,rubidium oscillator,standard

The brackets have been removed. ebay interprets this as <cesium AND rubidium AND oscillator AND standard>

The same thing occurs if you bookmark the link and then load the bookmark.

You can replace the search terms with anything. Even (A,B) (C,D) shows the problem. I confirmed that this isn't an ebay problem by using WireShark to monitor the outgoing packets. Further testing has shown that this problem is related to the "Sanitize cross-site suspicious requests" XSS option. Disabling it clears the problem. I tried adding the ebay exception filter listed in the FAQ, but it has no effect.

Thanks.

[Thrawn]

Yeah, sounds like an XSS false positive. eBay has a lot of those (and a fair number of actual vulnerabilities, too).

Up to Giorgio to refine the filter, if there's a good way. Can you copy the message from the Error Console (Ctrl+Shift+J, or Firefox Tools > Web Developer > Error Console) and paste it here?

I guess the workaround is to perform searches from the eBay site instead of via bookmarks.

[blackheart42]

Yeah, sounds like an XSS false positive. eBay has a lot of those (and a fair number of actual vulnerabilities, too).

Up to Giorgio to refine the filter, if there's a good way. Can you copy the message from the Error Console (Ctrl+Shift+J, or Firefox Tools > Web Developer > Error Console) and paste it here?

I guess the workaround is to perform searches from the eBay site instead of via bookmarks.

There are two error messages:

First:
[NoScript InjectionChecker] JavaScript Injection in ///sch/i.html?_trksid=p5197.m570.l1313&_nkw=(cesium,rubidium) (oscillator,standard)&_sacat=0&_from=R40
(function anonymous() {
(cesium,rubidium) (oscillator,standard) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

Second:
[NoScript XSS] Sanitized suspicious request. Original URL [http://www.ebay.com/sch/i.html?_trksid= ... &_from=R40] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://www.ebay.com/sch/i.html?_trksid= ... 2571689564].

Unfortunately, searching from the site by typing things in isn't really possible because I have to use lots of search options to weed out the trash. I did manage to create a working filter but since I don't know regex I'm sure there are better ways to do it. It'll do until Giorgio or someone else who knows what they're doing comes up with something better. At least now I can turn XSS protection back on and be protected at other sites.

Thanks,

[Thrawn]

Thanks for posting those messages; it will help.

I did manage to create a working filter but since I don't know regex I'm sure there are better ways to do it.

I have a basic knowledge of regex, so if you post your filter, I can try to help.