InformAction Forums

Posted: **Fri Dec 01, 2017 3:17 pm**

I keep getting NoScript windows with the same message, even if I block it.

As an example on www.reddit.com I get the following message over and over:

Code: Select all

NoScript detected a potential Cross-Site Scripting attack

from https://s0.2mdn.net to https://coolblue-coolblue.bannerflow.com.

Even if I add the 2 domainnames to the NoScript Options I still get them.

Any idea how I can prevent the warning messages?

Posted: **Fri Dec 01, 2017 3:26 pm**

Usually not allowing the sending domain prevents the script that tries to import the second source from doing the XSS.

So if you don't allow
...2mdn.net
or
https://s0.2mdn.net

Ns will prevent 2mdn.net from importing bannerflow.com's content

Only exception I have found to date is imdb.com, which insists on calling it's ia.media-imdb.com so that the XSS warning triggers even without any scripts allowed.

Posted: **Tue Dec 05, 2017 10:55 pm**

In windows 7 Noscript 5.1.8.1 I can go to the Options and uncheck a box under notifications for the xss warning. In windows 10 10.1.5.5 when you click the options its all windows 10 like and you can only see the whitelist with no way to switch to the notifications tab if you will. Any way the options menu can revert to the old style in the next patch?

Posted: **Wed Dec 06, 2017 6:06 pm**

You're not alone:

https://forums.informaction.com/viewtop ... =7&t=24070
https://forums.informaction.com/viewtop ... =7&t=24085
https://forums.informaction.com/viewtop ... =7&t=24067
https://forums.informaction.com/viewtop ... =7&t=24000

InformAction Forums

continuous NoScript XSS Warning

continuous NoScript XSS Warning

Re: continuous NoScript XSS Warning

Re: continuous NoScript XSS Warning

Re: continuous NoScript XSS Warning