Page 1 of 1
2.9.0.5 breaks gmx
Posted: Thu Mar 17, 2016 11:37 am
by Luigi
Since the last update I can't login to gmx anymore, due to "NoScript filtered a potential cross-site scripting (XSS) attempt from [
https://www.gmx.com]".
Re: 2.9.0.5 breaks gmx
Posted: Thu Mar 17, 2016 5:15 pm
by barbaz
Please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)
EDIT Does downgrading to NoScript 2.9.0.5rc2 let it work again?
Old NoScript @
https://addons.mozilla.org/addon/noscript/versions
*or*
https://noscript.net/feed?c=100&t=a
Re: 2.9.0.5 breaks gmx
Posted: Thu Mar 17, 2016 6:02 pm
by Luigi
barbaz wrote:Please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)
I see this:
Code: Select all
[NoScript InjectionChecker] JavaScript Injection in ##https://$(clientName)-$(dataCenter).gmx.com/login
(function anonymous() {
$(clientName)-$(dataCenter).gmx.com /* COMMENT_TERMINATOR */
DUMMY_EXPR
})
[NoScript XSS] Sanitized suspicious upload to [https://login.gmx.com/login#.1559516-header-login1-1###DATA###https%3A%2F%2F%24%28clientName%29-%24%28dataCenter%29.gmx.com%2Flogin] from [https://www.gmx.com/]: transformed into a download-only GET request.
Yes.
Re: 2.9.0.5 breaks gmx
Posted: Thu Mar 17, 2016 6:08 pm
by barbaz
Thanks for confirming that.
There are many threads here reporting similar breakage introduced by 2.9.0.5. This is a NoScript bug.
Re: 2.9.0.5 breaks gmx
Posted: Fri Mar 18, 2016 6:19 pm
by barbaz
Does NoScript 2.9.0.6 works again?