Recent update breaks Gerrit
-
stenborg
Recent update breaks Gerrit
Since yesterday, I can't open my company's Gerrit anymore. Disabling NoScript solves it. All scripts on the page are allowed. Entering a URL on the page yields... nothing. It's as if I never did anything - I just stay on the page I was previously and the address field reverts back to the original page. Opening a link to Gerrit in a new tab yields the same result as just opening an empty tab. Ctrl-U gives me the URL "view-source:about:blank". The desired URL _is_ present in the address field, but that is the only indication that I've tried to navigate to it. I can't configure NoScript for this page, as the NoScript icon turns into the blue S with a red question mark on it, and clicking it just takes me to the options page at moz-extension://01f...31a/ui/options.html. "Scripts Globally Allowed (dangerous)" doesn't help, only completely disabling NoScript. Any ideas?
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Re: Recent update breaks Gerrit
What version of NoScript?
What is a "Gerrit"?
URL to this Gerrit?
Sounds familiar to (follow the trail), Left-click NoScript Icon Causes NoScript Options To Open.
moz-extension://01f...31a/ui/options.html
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 SeaMonkey/2.49.2
-
stenborg
Re: Recent update breaks Gerrit
Gerrit is a source code review tool - see https://www.gerritcodereview.com/.
Oh wait, I solved it.
Turning off "Sanitize cross-site suspicious requests" fixes it. But I'd like XSS checking turned on... The XSS section in the FAQ under "Can I bypass Anti-XSS filters for certain web pages?" states that I can configure this in "NoScript Options|Advanced|XSS|Anti-XSS Protection Exceptions", but I find no such options. I guess these aren't in NoScript 10 yet?
I also failed to find any documentation of the NoScript status icon with the red question mark superimposed - it seems to appear on all about: pages and moz-extension: pages, so I assume it's there whenever NoScript can't work on the page, as indicated by "NoScript 10 is a WebExtension, so it cannot operate on AMO nor on Firefox-internal pages." on https://forums.informaction.com/viewtop ... 903#p93903.
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
-
stenborg
Re: Recent update breaks Gerrit
Oh, and I also fail to see why opening a new empty tab, entering a URL and hitting Enter could be construed as a cross-site scripting attack...
Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0