[RESOLVED] email.t-online.de / magentacloud.de (WebMail)

Manu1991 · Post by **Manu1991** » Sat Jul 29, 2017 11:08 am

With the new V. 5.0.8.1 I now have an XSS warning with my webmail account:

I use FF 52.2, and when I log into the cloud storage service https://magentacloud.de and then try to switch to webmail https://email.t-online.de (via click on the "E-Mail" button), I always get an XSS warning.

Until V. 5.0.7.1 everything was fine.

Post by **barbaz** » Sat Jul 29, 2017 4:16 pm

Please check the Browser Console (Ctrl-Shift-J) when this issue happens and post here any messages related to NoScript.
(related messages usually start with either "[NoScript" or "[ABE]"; if you don't know what's related, turn off CSS warnings and post everything else you see)

Manu1991 · Post by **Manu1991** » Sun Jul 30, 2017 9:35 am

I got two similar messages at once in the browser's console (FF 52.2):

[NoScript XSS] Eine verdächtige Anfrage wurde bereinigt. Original-URL [https://accounts.login.idm.telekom.com/ ... null%7D%7D] angefordert von [chrome://browser/content/browser.xul]. Bereinigte URL: [https://accounts.login.idm.telekom.com/ ... 3378161526].
[NoScript XSS] Eine verdächtige Anfrage wurde bereinigt. Original-URL [https://accounts.login.idm.telekom.com/ ... null%7D%7D] angefordert von [chrome://browser/content/browser.xul]. Bereinigte URL: [https://accounts.login.idm.telekom.com/ ... 8004002464].

Post by **barbaz** » Sun Jul 30, 2017 4:56 pm

NoScript Options > Advanced > XSS, try adding this exception -

Code: Select all

^https://accounts\.login\.idm\.telekom\.com/oic\?

Manu1991 · Post by **Manu1991** » Mon Jul 31, 2017 11:35 am

Okay, thanks for your help!

In general, I don't like adding exceptions.

Especially when it worked before for years (up to and including V. 5.0.7.1).

I can also do an insecure reload/refresh to get to the desired page. That also works for me.

chrisgruen · Post by **chrisgruen** » Sun Aug 13, 2017 9:03 pm

Hello,

I have the same error, and I also allow "insecure reload", but it needs many clicks, I don't want it.

Unfortunately the exception "^https://accounts\.login\.idm\.telekom\.com/oic\?" doesn't work.

I tried it with an old FF version (portable) with Noscript 2...., there is no problem with my emailaccount.
The error appeared with update to 5.8.01., I hope, this will be fixed.

Post by **barbaz** » Sun Aug 13, 2017 10:40 pm

As above, please post the messages from the Browser Console (Ctrl-Shift-J) when the issue occurs.

Guest · Post by **Guest** » Mon Aug 14, 2017 5:56 pm

Apparently I have made a mistake the first time.
The exception rule is working.
Thanks for help.

InformAction Forums

[RESOLVED] email.t-online.de / magentacloud.de (WebMail)

[RESOLVED] email.t-online.de / magentacloud.de (WebMail)

Re: email.t-online.de / magentacloud.de (WebMail)

Re[2]: email.t-online.de / magentacloud.de (WebMail)

Re: email.t-online.de / magentacloud.de (WebMail)

Re[4]: email.t-online.de / magentacloud.de (WebMail)

Re: email.t-online.de / magentacloud.de (WebMail)

Re: email.t-online.de / magentacloud.de (WebMail)

Re: email.t-online.de / magentacloud.de (WebMail)