InformAction Forums

NoScripters and WebSec nerds of all lands, unite!
https://forums.informaction.com/

help making XSS exception

https://forums.informaction.com/viewtopic.php?t=14574

Page 1 of 1

help making XSS exception

Posted: Fri May 24, 2013 9:31 pm
by Gazer75
I have no idea how to do regex so need help making the following website work. Assuming the issue is XSS. Its working fine only when I allow scripts globally.
Really love NoScript, but its making way to many government sites not work properly. Guess its because of the way they connect to each other with scripts.

Link

The numbers behind appid= and webmap= will obviously change.

Thank you

Re: help making XSS exception

Posted: Fri May 24, 2013 10:29 pm
by therube
Looks to work for me by allowing:

Code: Select all

+eu-west-1.elb.amazonaws.com
+arcgisonline.com
+arcgis.com

Re: help making XSS exception

Posted: Sat May 25, 2013 7:13 am
by Gazer75
Only a blank page for me...

Re: help making XSS exception

Posted: Sat May 25, 2013 7:18 am
by Gazer75
AdBlock sees the following with NoScript enabled

Code: Select all

http://serverapi.arcgisonline.com/jsapi/arcgis/3.5/js/dojo/dijit/themes/tundra/tundra.css
http://serverapi.arcgisonline.com/jsapi/arcgis/3.5/js/esri/css/esri.css
http://serverapi.arcgisonline.com/jsapi/arcgis/3.5compact
http://vegvesenet.maps.arcgis.com/apps/SimpleMapViewer/javascript/desktopUtils.js
http://vegvesenet.maps.arcgis.com/apps/SimpleMapViewer/javascript/geolocateUtils.js
http://vegvesenet.maps.arcgis.com/apps/SimpleMapViewer/javascript/layout.js

Re: help making XSS exception

Posted: Tue May 28, 2013 5:23 am
by Gazer75
Anyone else have any ideas?

Re: help making XSS exception

Posted: Tue May 28, 2013 10:01 am
by Giorgio Maone
I can't see any XSS issue.
Anyway, I got a blank page too (and also a strange error message window about security permission) until I allowed all the following:
  1. arcgis.com
  2. geodataonline.no
  3. arcgisonline.com
Then the map worked just fine.
Did you try with all these permissions?

Re: help making XSS exception

Posted: Sat Jun 01, 2013 8:25 pm
by Gazer75
Thanks for looking at this.

I have all three are in my whitelist and still nothing but a blank page :(

Re: help making XSS exception

Posted: Sat Jun 01, 2013 10:35 pm
by Giorgio Maone
Gazer75 wrote:Thanks for looking at this.

I have all three are in my whitelist and still nothing but a blank page :(
Could you try on a clean profile with just NoScript installed?
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited