For the last few months I have observed a significant increase in the number of pages which NoScript blocks as potential XSS attempts. The common factor I have found in the console reports are error messages like the following:
TypeError: longurlplease.shortUrlRegexp is null
purporting to come from longurlplease.js
Is this in fact the cause of the XSS block?
If so:
Why is it dangerous?
Is there some way to stop this error from triggering an XSS block, short of whitelisting all of the pages on which it appears?
If not, can you give me some guidance on identifying the cause of blockage?
Last edited by rsbrux on Wed Nov 29, 2017 9:56 am, edited 1 time in total.
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0
Please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)
*Always* check the changelogs BEFORE updating that important software!
It's hard to say without seeing detailed error messages, but I guess it's possible that if a site is passing regexen around, they might trip the XSS filter?
======
Thrawn
------------
Religion is not the opium of the masses. Daily life is the opium of the masses.
True religion, which dares to acknowledge death and challenge the way we live, is an attempt to wake up.
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
