Page 1 of 1
NoScript XSS attack aliexpress.com
Posted: Fri Aug 04, 2017 9:35 pm
by Hobbix
Site: aliexpress.com
When choosing any product, I get an XSS attack.
Screenshot
Re: NoScript XSS attack aliexpress.com
Posted: Fri Aug 04, 2017 9:43 pm
by barbaz
It's facebook tracking tripping the XSS filter. What's your question?
Re: NoScript XSS attack aliexpress.com
Posted: Fri Aug 04, 2017 9:49 pm
by Hobbix
How can I disable this warning on this site?
Re: NoScript XSS attack aliexpress.com
Posted: Fri Aug 04, 2017 10:01 pm
by barbaz
Does it go away if you block scripts for all facebook related domains?
Re: NoScript XSS attack aliexpress.com
Posted: Sat Aug 05, 2017 1:38 pm
by Hobbix
barbaz wrote:Does it go away if you block scripts for all facebook related domains?
Yes. When I blocked the facebook.net domain in Noscript, the XSS attack message does not appear.
Re: NoScript XSS attack aliexpress.com
Posted: Mon Aug 07, 2017 12:50 am
by Thrawn
That's probably your best choice, then. Just mark facebook.net as Untrusted.
If you find that you really need to allow facebook.net sometimes, then we can help you write an ABE rule for that.
Re: NoScript XSS attack aliexpress.com
Posted: Mon Aug 07, 2017 10:17 am
by Hobbix
Thrawn wrote:then we can help you write an ABE rule for that.
Please help me write a rule for ABE.
Re: NoScript XSS attack aliexpress.com
Posted: Thu Aug 10, 2017 3:45 am
by Thrawn
Probably something like this:
Code: Select all
Site .facebook.net
Anon from .aliexpress.com
Deny INC
Then whitelist facebook.net
Which site is giving you trouble when Facebook is blocked?
