NoScript v10: XSS Warning and Suspicious data: window.name
Posted: Mon Feb 05, 2018 6:59 pm
Hello. I decided to create a new thread about NoScript XSS Warning, because of a [FIXED] mark for a previous one (see; "[FIXED] Constant XSS Warnings"). I just don't know if Mr Maone saw my post about window.name type of suspicious data etc. So, here it's:
Mr Maone, you have written, that "Some or all of these issues (those with the "TypeError: ic is undefined" message) should be fixed...", right? However, I would like to write about one more type of such a warning. It's about google.com website and detected a potential Cross-Site Scripting Attack. Lets see:
As we can see, above popup warning window is different from those mentioned earlier in mentioned thread etc. (see; "[FIXED] Constant XSS Warnings"). In this case suspicious data is: 'window.name' (not 'TypeError: ic is undefined') and there is an option to 'Sanitize this request' (instead of 'Block this request') etc.
A couple of weeks ago, I've had such a situation with NoScript XSS Warning. One with Suspicious data ('TypeError: ic is undefined,(URL)', which is now fixed; see; "[FIXED] Constant XSS Warnings" thread) and second one with a different data, which is mentioned above.
So, I would like to ask Mr Maone if window.name issue is also fixed in latest Development version? I'm aksing, because vincentadultman user had wrote, that he reproduced this error on qubes-os.org website.
Mr Maone, you have written, that "Some or all of these issues (those with the "TypeError: ic is undefined" message) should be fixed...", right? However, I would like to write about one more type of such a warning. It's about google.com website and detected a potential Cross-Site Scripting Attack. Lets see:
Code: Select all
NoScript XSS Warning
NoScript detected a potential Cross-Site Scripting attack
from [...] to https://google.com.
Suspicious data:
window.name
(o) Sanitize this request
( ) Always block document requests from [...] to https://google.com
( ) Allow this request
( ) Always allow document requests from [...] to https://google.comA couple of weeks ago, I've had such a situation with NoScript XSS Warning. One with Suspicious data ('TypeError: ic is undefined,(URL)', which is now fixed; see; "[FIXED] Constant XSS Warnings" thread) and second one with a different data, which is mentioned above.
So, I would like to ask Mr Maone if window.name issue is also fixed in latest Development version? I'm aksing, because vincentadultman user had wrote, that he reproduced this error on qubes-os.org website.