Page 1 of 1
Browser 'not responding'/repeatedly refreshing
Posted: Sun Sep 20, 2015 2:02 am
by Sidney Greenstreet
I've been using NoScript for years. Switched from Firefox to Pale Moon a couple of years ago. In the last two weeks or so my online bank - Santander - has become almost unusable. Clicking into the credential fields results in the browser 'not responding' for a few seconds. Simply opening the site does. Pretty-much any mouse action triggers this momentary hang.
This occurs even with a clean profile, and with all add-ons except NoScript disabled - which I initially determined by re-enabling each one, leaving NoScript to last. Then I disabled them all again and only enabled NoScript. Nothing about the way I have accessed the site for the last several years has changed.
I also un- then re-installed NoScript.
Is this a bug?
Is there a setting I need to enable or disable? This is the only sensitive site I use. Sure, the overall control of javascript, and XSS/ClearClick/iframe etc,is invaluable - but this is the site more than any other I need NoScript working for 'out of the box'.
Thanks, in anticipation!
Re: Browser 'not responding'/repeatedly refreshing
Posted: Sun Sep 20, 2015 2:47 am
by barbaz
Are your issues on Iceweasel, which it looks like you posting from, or Pale Moon, which you claim to use?
If Pale Moon, what version?
When it happens, do you see anything related in the Browser Console? (Ctrl-Shift-J)
(if you don't know what's related, turn off CSS warnings and post everything else you see)
Re: Browser 'not responding'/repeatedly refreshing
Posted: Sun Sep 20, 2015 9:08 am
by yes_noscript
Maybe your bank uses UA sniffing.
We have a lot of threads with that:
https://forum.palemoon.org/search.php?k ... A+sniffing
Re: Browser 'not responding'/repeatedly refreshing
Posted: Sun Sep 20, 2015 11:33 am
by therube
https://www.santanderbank.com/us/
> Clicking into the credential fields
What is the "credential field"?
> Simply opening the site does
So opening that link hangs your browser?
> a clean profile, and with all add-ons except NoScript disabled
A clean Profile would have no extensions.
And if you then added NoScript, then there would be only NoScript with no others to disable.
(Plugins would show in a clean Profile.)
What A/V are you using?
Do you get the same hang if you test with FF 40?
Code: Select all
[NoScript InjectionChecker] JavaScript Injection in 4402510;type=smeremar;cat=ddaac01;ord=7644293319123;~oref=https://www.santanderbank.com/us/business?
(function anonymous() {
4402510;type=smeremar;cat=ddaac01;ord=7644293319123;~ /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
Code: Select all
[NoScript XSS] Sanitized suspicious request. Original URL [https://4402510.fls.doubleclick.net/activityi;src=4402510;type=smeremar;cat=ddaac01;ord=7644293319123;~oref=https%3A%2F%2Fwww.santanderbank.com%2Fus%2Fbusiness?] requested from [https://www.santanderbank.com/us/business]. Sanitized URL: [https://4402510.fls.doubleclick.net/activityi;src%204402510;type%20smeremar;cat%20ddaac01;ord%207644293319123;~oref%20https://www.santanderbank.com/us/business?#47022605857812205923].
Re: Browser 'not responding'/repeatedly refreshing
Posted: Sun Sep 20, 2015 3:07 pm
by barbaz
^ well if that's the problem then just block doubleclick.net on that site wtih
ABE.
Code: Select all
Site .doubleclick.net
Deny from .santanderbank.com
Then if that warning still happens make an XSS exception:
NoScript Options > Advanced > XSS
Code: Select all
^https?://(?:[^/:]+\.)?doubleclick\.net[/:]
(I'm assuming it's unlikely you'd actually Allow scripts from doubleclick.net, they being a notorious tracker...)
Re: Browser 'not responding'/repeatedly refreshing
Posted: Mon Sep 21, 2015 6:35 pm
by therube
From what I recall (which might be wrong) what I was seeing was with nothing Allowed?
(Had I Allowed anything, I certainly would not have Allowed doubleclick.net.)
Not seeing the same, currently.
But I do see:
Code: Select all
[NoScript HTTPS] AUTOMATIC SECURE on https://www.santanderbank.com: akid=96a4556831170000cb4c0056ff770200f2950000; domain=.www.santanderbank.com; path=/; Secure
Oh, & the site (webpage) loads fine for me, including the Login "popup".