Ads displaying as code when all scripts are allowed
Posted: Thu Dec 11, 2014 12:28 am
by Bush Hayvers
I have NoScript 2.6.9.6 installed on Firefox 34.0 and it is stopping adverts from loading on
http://superbestfriendsplay.com despite being set to allow everything on the page, and the page itself being in the whitelist. They display like this
http://i.imgur.com/eutzTZg.jpg instead. This has only started happening in the last few days. Disabling NoScript entirely brings the adverts back, so I know it isn't AdBlock Plus etc. As far as I can see this is the only site this is happening on.
I'd like to support the guys behind that site, so any help would be much appreciated.
Re: Ads displaying as code when all scripts are allowed
Posted: Thu Dec 11, 2014 5:58 am
by barbaz
Confirmed.
Well, in the console I am seeing a lot of [NoScript XSS] messages about a sanitised window.name, plus a few messages that are nothing but a URL followed by "about:blank".
I don't know how to work around it, or whether doing so would actually let a malicious threat in, sorry.
The actual console output is way way *way* **way** too long to post here - 344KB total!! - so I've uploaded it to [x].
Re: Ads displaying as code when all scripts are allowed
Posted: Fri Dec 12, 2014 12:44 am
by Thrawn
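That's weird, it looks like NoScript is saying that someone is putting an entire HTML page into window.name. Since window.name is carried along into a cross-site load, NoScript's XSS filter treats markup in it as a possible injection and sanitizes it.
Maybe it is this insanity? If so, then please leave it blocked for your own safety.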
Re: Ads displaying as code when all scripts are allowed
Posted: Thu Jan 29, 2015 8:34 pm
by barbaz
barbaz wrote:The actual console output is way way *way* **way** too long to post here - 344KB total!! - so I've uploaded it to
Is there any point in keeping that upload available any longer?
Re: Ads displaying as code when all scripts are allowed
Posted: Fri Jan 30, 2015 3:28 am
by Thrawn
A snippet should do:
[NoScript XSS]: sanitized window.name, "1-0-1;87172;<!doctype html><html><head><style><!--
a:link { color: #ffffff }a:visited { color: #ffffff }a:hover { color: #ffffff }a:active { color: #ffffff } --></style><script><!--
(function(){var d=this,f=function(a){var b=typeof a;if("object"==b)if(a){if(a instanceof Array)return"array";if(a instanceof Object)return b;var c=Object.prototype.toString.call(a);if("[object Window]"==c)return"object";if("[object Array]"==c||"number"==typeof a.length&&"undefined"!=typeof a.splice&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("splice"))return"array";if("[object Function]"==c||"undefined"!=typeof a.call&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("call"))return"function"}else return"null";else if("function"==b&&"undefined"==typeof a.call)return"object";return b};var g;e:{var h=d.navigator;if(h){var k=h.userAgent;if(k){g=k;break e}}g=""};var l=-1!=g.indexOf("Opera")||-1!=g.indexOf("OPR"),n=-1!=g.indexOf("Trident")||-1!=g.indexOf("MSIE"),p=-1!=g.indexOf("Gecko")&&-1==g.toLowerCase().indexOf("webkit")&&!(-1!=g.indexOf("Trident")||-1!=g.indexOf("MSIE")),q=-1!=g.toLowerCase().indexOf("webkit");(function(){var a="",b;if(l&&d.opera)return a=d.opera.version,"function"==f(a)?a():a;p?b=/rv\:([^\);]+)(\)|;)/:n?b=/\b(?:MSIE|rv)[: ]([^\);]+)(\)|;)/:q&&(b=/WebKit\/(\S+)/);b&&(a=(a=b.exec(g))?a[1]:"");return n&&(b=(b=d.document)?b.documentMode:void 0,b>parseFloat(a))?String(b):a})();var r={};window.ss=function(a){void 0!==r[a]?r[a]++:r[a]=1;var b=document.getElementById(a),c=r[a];if(window.css)css(a,"nm",c,void 0,void 0);else if(b){a=b.href;var e=a.indexOf("&nm=");if(0>e)c=a+"&nm="+c;else var e=e+4,m=a.indexOf("&",e),c=0<=m?a.substring(0,e)+c+a.substring(m):a.substring(0,e)+c;b.href=2E3<c.length?a:c}};})();function su(id) {var a = document.getElementById(id);var b = (new Date()).getTime();if (a && a.myt && b) {var t = b - a.myt;if (window.css) {css(id,'clkt',t);return;}var bi = a.href.indexOf("&clkt=");if (bi > 0) {var c = a.href.substring(0, bi+6); var d = a.href.substring(bi+6, a.href.length);var ei = d.indexOf("&");var r = '';if (ei >= 0)r = d.substring(ei, d.length);a.href = c + t + r; } else {a.href += "&clkt=" 
+ t;}}}(function(){var d=this,g=function(a){var b=typeof a;if("object"==b)if(a){if(a instanceof Array)return"array";if(a instanceof Object)return b;var c=Object.prototype.toString.call(a);if("[object Window]"==c)return"object";if("[object Array]"==c||"number"==typeof a.length&&"undefined"!=typeof a.splice&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("splice"))return"array";if("[object Function]"==c||"undefined"!=typeof a.call&&"undefined"!=typeof a.propertyIsEnumerable&&!a.propertyIsEnumerable("call"))return"function"}else return"null";else ...
URL: http://tpc.googlesyndication.com/safeframe/1-0-1/html/container.html#xpc=sf-gdn-exp-2&p=http%3A//superbestfriendsplay.com
http://tpc.googlesyndication.com/safeframe/1-0-1/html/container.html#xpc=sf-gdn-exp-2&p=http%3A//superbestfriendsplay.com