NoScript XSS Blocks from TypeError in longurlplease.js?

rsbrux
Posts: 2
Joined: Wed Mar 15, 2017 11:07 am

Post by rsbrux »

For the last few months I have observed a significant increase in the number of pages which NoScript blocks as potential XSS attempts. The common factor I have found in the console reports is error messages like the following:
    TypeError: longurlplease.shortUrlRegexp is null
purporting to come from longurlplease.js
  • Is this in fact the cause of the XSS block?
    If so:
    • Why is it dangerous?
    • Is there some way to stop this error from triggering an XSS block, short of whitelisting all of the pages on which it appears?
    If not, can you give me some guidance on identifying the cause of blockage?
Last edited by rsbrux on Wed Nov 29, 2017 9:56 am, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
barbaz
Senior Member
Posts: 11141
Joined: Sat Aug 03, 2013 5:45 pm

Re: NoScript XSS Blocks from TypeError in longurlplease.js?

Post by barbaz »

Please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)
*Always* check the changelogs BEFORE updating that important software!
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: NoScript XSS Blocks from TypeError in longurlplease.js?

Post by Thrawn »

It's hard to say without seeing detailed error messages, but I guess it's possible that if a site is passing regexen around, they might trip the XSS filter?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.

True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0