XBox.com
Posted: Fri Nov 18, 2016 7:07 pm
Hello,
I hope I am providing the correct and enough information.
During my visits on xbox.com the webpage freezes every time after some seconds for about 10 seconds or a bit more. NoScript shows a message telling me about XSS attempts. When using "unsafe reloading" the page works until I click on a link, then everything repeats. Long story short: I assume that some XSS thing is making my browser freeze. I tried to update the XSS filter via two lines:
^http?://www\.microsoft\.com.*$
^http?://web\.vortex\.data\.microsoft\.com.*$
I am not used to RegEx's, so this may be wrong. In fact my browser still freezes. Console shows this entry:
...along with some javascript injections.
Can anyone help me? I would like to allow XSS on xbox.com and needed subsites.
Thanks,
Jac
I hope I am providing the correct and enough information.
During my visits on xbox.com the webpage freezes every time after some seconds for about 10 seconds or a bit more. NoScript shows a message telling me about XSS attempts. When using "unsafe reloading" the page works until I click on a link, then everything repeats. Long story short: I assume that some XSS thing is making my browser freeze. I tried to update the XSS filter via two lines:
^http?://www\.microsoft\.com.*$
^http?://web\.vortex\.data\.microsoft\.com.*$
I am not used to RegEx's, so this may be wrong. In fact my browser still freezes. Console shows this entry:
Code: Select all
[NoScript XSS] Eine verdächtige Anfrage wurde bereinigt. Original-URL [https://web.vortex.data.microsoft.com/collect/v1/t.asm?ver=%272.1%27&name=%27Ms.Webi.ContentView%27&time=%272016-11-18T16%3A45%3A29.070Z%27&os=%27Windows%27&*baseType=%27Ms.Content.PageView%27&-pageName=%27XboxAddOn%20Details%27&-uri=%27https%3A%2F%2Fwww.microsoft.com%2Fen-us%2Fstore%2Fp%2Fbatman-the-telltale-series-season-pass-episodes-2-5%2Fbph40w8dbzz9%27&-referrerUri=%27https%3A%2F%2Fwww.microsoftstore.com%2Fstore%2Fmsde%2Fde_DE%2FDisplayWorldWidePage%2F%3FabsoluteReturnUrl%3Dhttps%3A%2F%2Fwww.microsoft.com%2Fde-de%2Fstore%2Fp%2Fbatman-the-telltale-series-season-pass-episodes-2-5%2Fbph40w8dbzz9%27&-pageTags=%27%7B%22timing%22%3A%22%7B%5C%22navigationStart%5C%22%3A1479487510119%2C%5C%22unloadEventStart%5C%22%3A0%2C%5C%22unloadEventEnd%5C%22%3A0%2C%5C%22redirectStart%5C%22%3A0%2C%5C%22redirectEnd%5C%22%3A0%2C%5C%22fetchStart%5C%22%3A1479487510120%2C%5C%22domainLookupStart%5C%22%3A1479487510120%2C%5C%22domainLookupEnd%5C%22%3A1479487510120%2C%5C%22connectStart%5C%22%3A1479487510120%2C%5C%22connectEnd%5C%22%3A1479487510120%2C%5C%22requestStart%5C%22%3A1479487510120%2C%5C%22responseStart%5C%22%3A1479487510134%2C%5C%22responseEnd%5C%22%3A1479487510724%2C%5C%22domLoading%5C%22%3A1479487510150%2C%5C%22domInteractive%5C%22%3A1479487527767%2C%5C%22domContentLoadedEventStart%5C%22%3A1479487527769%2C%5C%22domContentLoadedEventEnd%5C%22%3A1479487527969%2C%5C%22domComplete%5C%22%3A1479487529046%2C%5C%22loadEventStart%5C%22%3A1479487529046%2C%5C%22loadEventEnd%5C%22%3A0%7D%22%2C%22metaTags%22%3A%7B%22ms.v%22%3A%222016.11.16.9%22%2C%22ms.Cv%22%3A%22tDQjbKoqDkK4240O.30%22%2C%22ms.pagename%22%3A%22XboxAddOn%20Details%22%2C%22ms.pcn%22%3A%22Redstone%20PDP%201608%20pdpGameLayout1%22%2C%22ms.availableon%22%3A%22Xbox%20One%22%2C%22ms.dqid%22%3A%228b2d1f21-2a6a-4463-a56e-c66443f1e669%22%2C%22ms.auth%22%3A%221%22%2C%22ms.prod_type%22%3A%22AddOns%22%2C%22ms.prod_cat%22%3A%22%22%2C%22ms.prod_worksonxbox%22%3A%22true%22%2C%22ms.prod%22%3A%22Batman%20-%20The%20Telltale%20Series%20-%20Season%20Pass%20(Episodes%202-5)%22%2C%22ms.prod_id%22%3A%22BPH40W8DBZZ9%22%7D%7D%27&-customSessionGuid=%276ad9062d76d74838a3fa4c6e4f759de1%27&-impressionGuid=%27987d10e6-943f-4f63-898f-8de8597898b4%27&-contentJsonVer=2&-content=%27%5B%7B%22areaName%22%3A%22Details%22%2C%22slotNumber%22%3A%221%22%2C%22templateName%22%3A%22Desc-BuyOptions-RatingsReviews%22%2C%22contentId%22%3A%22BPH40W8DBZZ9%22%2C%22contentName%22%3A%22Batman%20-%20The%20Telltale%20Series%20-%20Season%20Pass%20(Episodes%202-5)%22%2C%22contentSource%22%3A%22DisplayCatalog%22%2C%22product%22%3A%22BPH40W8DBZZ9%22%7D%2C%7B%22areaName%22%3A%22addonparent%22%2C%22slotNumber%22%3A%220%22%2C%22templateName%22%3A%221rowMWFCarousel%22%2C%22contentId%22%3A%22C4VVPDBXSH5P%22%2C%22contentName%22%3A%22Batman%20-%20The%20Telltale%20Series%20-%20Episode%201%3A%20Realm%20of%20Shadows%22%2C%22contentSource%22%3A%22DisplayCatalog%22%2C%22contentType%22%3A%224%22%7D%2C%7B%22areaName%22%3A%22addonparent%22%2C%22slotNumber%22%3A%221%22%2C%22templateName%22%3A%221rowMWFCarousel%22%2C%22contentId%22%3A%22BQ2ZZ6WTZZJZ%22%2C%22contentName%22%3A%22Batman%3A%20The%20Telltale%20Series%20-%20The%20Complete%20Season%20(Episodes%201-5)%22%2C%22contentSource%22%3A%22DisplayCatalog%22%2C%22contentType%22%3A%224%22%7D%2C%7B%22areaName%22%3A%22addonparent%22%2C%22slotNumber%22%3A%222%22%2C%22templateName%22%3A%221rowMWFCarousel%22%2C%22contentId%22%3A%22CFQ7TTC0K5DJ%22%2C%22contentName%22%3A%22Xbox%20Live%20Gold%22%2C%22contentSource%22%3A%22DisplayCatalog%22%2C%22contentType%22%3A%224%22%7D%2C%7B%22areaName%22%3A%22pdpbundles%22%2C%22slotNumber%22%3A%220%22%2C%22templateName%22%3A%221rowMWFCarousel%22%2C%22contentId%22%3A%22BQ2ZZ6WTZZJZ%22%2C%22contentName%22%3A%22Batman%3A%20The%20Telltale%20Series%20-%20The%20Complete%20Season%20(Episodes%201-5)%22%2C%22contentSource%22%3A%22DisplayCatalog%22%2C%22contentType%22%3A%224%22%7D%5D%27&*flightId=%27addemail%3A1%2Caddlegacypurchasetype%3A1%2Caddsdkbillable%3A1%2Caddsdklegacytype%3A1%2Caddxtokenformobi%3A1%2Cajaxtimeout%3A1%2Calipayba%3A1%2CBSP_PaidPurchase%3A1%2CBundle3P%3A1%2Ccartcsv%3A1%2Ccartstrings%3A1%2Cccfamily%3A1%2Cclicktale%3A1%2Ccnresell%3A1%2Cconvergence%3A1%2Ccreateprofile%3A1%2Ccup%3A1%2Cdisable404ForNoDetails%3A1%2CdisableExclusivityOnLegacy%3A1%2CdiscountDisclaimer%3A1%2Cdres%3A1%2Ceditcupcc%3A1%2Ceditcupcclink%3A1%2Cembercli%3A1%2CenableAccessibilityStatusPDP%3A1%2Censighten%3A1%2Centpcspdpmodules%3A1%2CentpRoute%3A1%2CentPRouteRedirect%3A1%2Cexclusivity%3A1%2CFeature_ClickTale%3A1%2CFeature_FamilySafety%3A1%2CFeature_TFA%3A1%2Cforcexboxeligibility%3A1%2CignoreRemediation%3A1%2Cinlinechangelink%3A1%2Ciosrerender%3A1%2Cmaskfields%3A1%2CMVR_ControlFlight%3A1%2Cmwfnext%3A1%2Cnewpaypalflow%3A1%2Cnonsimsvg%3A1%2Cnopdpcache%3A1%2Cnopost%3A1%2Comexerror%3A1%2Comexmanualretry%3A1%2Comniture%3A1%2Coneui3_0_0pdp%3A1%2Coneui3_0_0pdpent%3A1%2Corderpcsmodules%3A1%2Corderversion%3A1%2Cpaypalinpage%3A1%2Cpcslandingmodules%3A1%2Cpcsmodules%3A1%2Cpcssfv7Pdp%3A1%2Cpiinclusionjp%3A1%2Cpilang%3A1%2Cpreloadorder%3A1%2Cprofiletimeout%3A1%2CpRoute%3A1%2CratingsEdge%3A1%2CreportReview%3A1%2Crestrictpurchase%3A1%2Cretrycheckout%3A1%2Cretryget%3A1%2Cretryput%3A1%2Csapicart%3A1%2Csdkerror%3A1%2CshowFeedback%3A1%2CshowHolographic%3A1%2Cshowwarningforpurchase%3A1%2Csing%3A1%2Csoasta%3A1%2Ctiless%3A1%2Cusepartd%3A1%2Cxbfree%3A1%2Cxboxreseller%3A1%27&*cookieEnabled=true&*browserSize=%271897x4563%27&*cookies=%27MC1%3DGUID%3Dc989d23bfbdaad46a8d7a31d89b2e474%26HASH%3D3bd2%26LV%3D201602%26V%3D4%26LU%3D1455910076804%3BMSFPC%3DID%3Dc989d23bfbdaad46a8d7a31d89b2e474%26CS%3D3%26LV%3D201602%26V%3D1%3B%27&*pageLoadTime=18926&*screenRes=%271920x1080%27&*isJs=true&*title=%27Batman%20-%20The%20Telltale%20Series%20-%20Season%20Pass%20(Episodes%202-5)%20-%20Microsoft%20Store%27&*signInStatus=1&cV=%27c14Y27cltWAwJ7YI.0%27&ext-app-expId=%27none%27&appId=%27JS%3AUniStore%27&ext-javascript-libVer=%273.3.1%27&ext-user-localId=%27t%3A00FD07C111896A2D0D660F0115896940%27&sauth=1] angefordert von [https://www.microsoft.com/en-us/store/p/batman-the-telltale-series-season-pass-episodes-2-5/bph40w8dbzz9]. Bereinigte URL: [https://web.vortex.data.microsoft.com/#05269524161266115967]....along with some javascript injections.
Can anyone help me? I would like to allow XSS on xbox.com and needed subsites.
Thanks,
Jac
