
NoScript filtered a potential cross site scripting attempt

Posted: Tue Nov 26, 2013 2:09 pm
by dave53
I'm trying to search for something on eBay; the search is stored in my bookmarks.

Here is the URL:

http://www.ebay.co.uk/sch/i.html?_trksi ... &_from=R40

NoScript comes up with:

NoScript filtered a potential cross site scripting attempt (XSS) from (chrome)

and strips out the brackets from my search in the eBay search box.

This is really not helpful. Why is it doing this?

Re: NoScript filtered a potential cross site scripting atte

Posted: Tue Nov 26, 2013 2:24 pm
by therube
Can you post the [NoScript] message in Error Console (or whatever it may now be called, & perhaps Ctrl+Shift+J)?

Re: NoScript filtered a potential cross site scripting atte

Posted: Tue Nov 26, 2013 2:37 pm
by dave53
[NoScript InjectionChecker] JavaScript Injection in ///sch/i.html?_trksid=p2050601.m570.l1313&_nkw=pringle (beanie,knitted,wool,merino) (beanie,hat)&_sacat=0&_from=R40
(function anonymous() {
pringle (beanie,knitted,wool,merino) (beanie,hat) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

[NoScript XSS] Sanitized suspicious request. Original URL [http://www.ebay.co.uk/sch/i.html?_trksi ... &_from=R40] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://www.ebay.co.uk/sch/i.html?_trksi ... 3966927828].

Security Error: Content at https://www.google.co.uk/ may not load data from http://www.ebay.co.uk/sch/i.html?_trksi ... 3966927828.

Re: NoScript filtered a potential cross site scripting atte

Posted: Tue Nov 26, 2013 2:40 pm
by dave53
Is that it? control-shift-j didn't seem to do anything.

Re: NoScript filtered a potential cross site scripting atte

Posted: Tue Nov 26, 2013 3:04 pm
by therube
Yeah, that's it.
Didn't realize I could generate it myself.

ebay.co.uk & ebaystatic.com Allowed.

Will have to wait for others to make sense of it?

Code:

[NoScript InjectionChecker] JavaScript Injection in ///sch/i.html?_trksid=p2050601.m570.l1313&_nkw=pringle  (beanie,knitted,wool,merino)   (beanie,hat)&_sacat=0&_from=R40
(function anonymous() {
pringle (beanie,knitted,wool,merino) (beanie,hat) /* COMMENT_TERMINATOR */
DUMMY_EXPR
})

Code:

[NoScript XSS] Sanitized suspicious request. Original URL [http://www.ebay.co.uk/sch/i.html?_trksid=p2050601.m570.l1313&_nkw=pringle++%28beanie%2Cknitted%2Cwool%2Cmerino%29+++%28beanie%2Chat%29&_sacat=0&_from=R40] requested from [chrome://browser/content/browser.xul]. Sanitized URL: [http://www.ebay.co.uk/sch/i.html?_trksid=p2050601.m570.l1313&_nkw=pringle+%20beanie%2Cknitted%2Cwool%2Cmerino%20+%20beanie%2Chat%20&_sacat=0&_from=R40#2735226904754562148].
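
Why the InjectionChecker entry above fires, as an added example that is not part of any post in this thread and is not NoScript's own code: eBay's comma-in-brackets search syntax happens to parse as a chained JavaScript function call, and the sanitized form with the brackets removed does not. The call-shape regex and the parse-only test are assumed simplifications of the check, and all function names are hypothetical.

```javascript
// Added illustration, not NoScript's source. Both URLs are copied from the
// "[NoScript XSS] Sanitized suspicious request" log entry above.
const ORIGINAL_URL = "http://www.ebay.co.uk/sch/i.html?_trksid=p2050601.m570.l1313" +
  "&_nkw=pringle++%28beanie%2Cknitted%2Cwool%2Cmerino%29+++%28beanie%2Chat%29" +
  "&_sacat=0&_from=R40";
const SANITIZED_URL = "http://www.ebay.co.uk/sch/i.html?_trksid=p2050601.m570.l1313" +
  "&_nkw=pringle+%20beanie%2Cknitted%2Cwool%2Cmerino%20+%20beanie%2Chat%20" +
  "&_sacat=0&_from=R40#2735226904754562148";

// True when `text` compiles as a JavaScript function body. new Function()
// only parses here; the function is never called, so `text` never runs.
function parsesAsScript(text) {
  try {
    new Function(text);
    return true;
  } catch (e) {
    if (e instanceof SyntaxError) return false;
    throw e;
  }
}

// Assumed, simplified heuristic: a value is suspicious when it contains
// something shaped like a call, name(...), and is also valid script.
function looksLikeInjection(value) {
  const callShaped = /[\w$\])]\s*\(/.test(value);
  return callShaped && parsesAsScript(value);
}

// Names of the query parameters whose decoded value trips the heuristic.
function flaggedParams(url) {
  const flagged = [];
  for (const [name, value] of new URL(url).searchParams) {
    if (looksLikeInjection(value)) flagged.push(name);
  }
  return flagged;
}

console.log("original :", flaggedParams(ORIGINAL_URL));
console.log("sanitized:", flaggedParams(SANITIZED_URL));
// Constructed variant: brackets without commas are not valid script.
console.log("no commas:", looksLikeInjection("pringle (beanie hat)"));
```

Only `_nkw` is flagged: `_trksid` also parses as script (a property access) but has no call shape, and a bracketed search without commas is not valid script at all.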

Re: NoScript filtered a potential cross site scripting atte

Posted: Tue Nov 26, 2013 5:37 pm
by barbaz
See http://forums.informaction.com/viewtopi ... =7&t=17774 for how to make XSS exceptions.
dave53 wrote: Is that it? control-shift-j didn't seem to do anything.
@dave53: Accel key for us Mac users is command, not ctrl (except when dealing with Adblock Plus). Try command-shift-J instead.