Page 1 of 1
huffingtonpost videos not shown when Sanitize XSS
Posted: Wed Dec 27, 2017 3:17 pm
by superpat45
hello,
http://www.huffingtonpost.fr videos not shown when "Sanitize cross-site suspicious requests" option enabled.
Regards,
Re: huffingtonpost videos not shown when Sanitize XSS
Posted: Wed Dec 27, 2017 10:06 pm
by Giorgio Maone
Wow, quite a lot of scripts mandatory to be allowed on that site, but after using Temporary Allow all (the big clock with the exclamation mark on the top right) three times, always after trying to play the video by hitting its "play" (arrow right) button, it eventually started without touching the XSS options.
Re: huffingtonpost videos not shown when Sanitize XSS
Posted: Sun Dec 31, 2017 7:26 pm
by superpat45
for videos works on this site, you need to allow only huffingtonpost.fr, huffpost.com, instagram.com, twitter.com
and of corse, disable sanitize XSS but I don't want to disable it globally....
Re: huffingtonpost videos not shown when Sanitize XSS
Posted: Sun Dec 31, 2017 10:30 pm
by Pansa
superpat45 wrote:
and of corse, disable sanitize XSS but I don't want to disable it globally....
Giorgio Maone wrote: it eventually started without touching the XSS options.
I also didn't need twitter, nor instagram.
What I did need was
huffingtonpost.fr
…ultimedia.com (which loads the player)
…digiteka.net
…jwpcdn.com (which together are the player..)
They load off of each other, which means until ultimedia is loaded you won't see digiteka.net for instance.
Ironically I don't need jwplayer :puzzled: No Xss warnings. Couldn't get one on Huffpost.fr with severe trying.
I haven't seen an Xss warning in quite a while to be honest, which version of Noscript are you running?