Page 1 of 1
[RESOLVED] noscript is blocking some sites
Posted: Tue Feb 19, 2019 10:58 pm
by UUser
I am having trouble with noScript on some sites. The site is working if I disable noScript plugin in Firefox. However, with the plugin enabled the site refuses to load properly even with all scripts set as trusted.
I have everything enabled for "trusted" in my settings. I would have expected that "disable restrictions for this tap" and reloading the site in my browser should get rid of any problems. Yet, this is not the case.
Any advice for that? Is there a way to disabe noScript for a specific tap?
An specific example would be
https://bitbucket.org. The pipelines are not being displayed.
Many thanks for any advice
I am using
- Firefox 65.0 (64-bit)
- Linux Ubuntu 16.04
- noScript 10.2.1
Re: noscript is blocking some sites
Posted: Tue Feb 19, 2019 11:59 pm
by therube
What are pipelines?
Have a sample page, or whatever, where these pipelines are not seen?
Re: noscript is blocking some sites
Posted: Wed Feb 20, 2019 12:34 am
by UUser
I am sorry I should have provided a better explanation. Bitbucket is a version control system for source code. The site operates well except for the part 'pipelines'. Unfortunately, I cannot provide the link to URL in question since it is private access. I mentioned it in the hope others also had this experience since the site is popular.
I can create a public repository if that helps and provide the link as example.
Re: noscript is blocking some sites
Posted: Wed Feb 20, 2019 12:43 am
by UUser
While setting up a new repository a pop-up appeared about XSS attack. This time, instead of "allow" I chose "always allow for this site". It appears so that everything is working now!
[solved]: noscript is blocking some sites
Posted: Wed Feb 20, 2019 12:53 am
by UUser
The problem is solved.
"always allow for this site" must be set to make the site operate correctly.
Before that I chose "allow once" but the popup never showed up again...
thanks again for help, I think I cannot close the issue in this forum?
Re: noscript is blocking some sites
Posted: Wed Feb 20, 2019 12:58 am
by barbaz
UUser wrote: ↑Wed Feb 20, 2019 12:43 am
While setting up a new repository a pop-up appeared about XSS attack. This time, instead of "allow" I chose "always allow for this site". It appears so that everything is working now!
Could you please post the text of this popup so that we can evaluate whether this is a false positive? Thanks!
Re: noscript is blocking some sites
Posted: Wed Feb 20, 2019 6:18 pm
by UUser
The pop-up does not show up again. To replicate I'd need to clear my setting "always allow".
What is the most convenient way to do so?
What I can think of:
NoScript: "Export" -> "Reset" -> replicate -> "Import"
Re: noscript is blocking some sites
Posted: Wed Feb 20, 2019 6:32 pm
by UUser
NoScript XSS Warning
=================
Code: Select all
NoScript detected a potential Cross-Site Scripting attack
from https://bitbucket.org to https://bitbucket-pipelines.prod.public.atl-paas.net.
Suspicious data:
(URL) https://bitbucket-pipelines.prod.public.atl-paas.net/home?connectProperties={repository.properties.get(attribute=app.key)}&displayName=<username>&repoUuid={11223344-1234-1234-1234-112233445566}&accountUuid=112233445566&projectName={repository.project.name}&xdm_c=channel-0679a133-775f-4491-b284-31156dc4df79&xdm_e=https://bitbucket.org&crev=dbe73ec6ad6a/dist/connect/v5&addonKey=pipelines&environment=/2.0&repoPath=<username>/public_test&userUuid=112233445566&projectKey={repository.project.key}&accountId=112233445566&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJhcmk6Y2xvdWQ6Yml0YnVja2V0OjphcHAvezIyMmViMTg1LTE5NmQtNDRjZi1iZGNhLTVkODcyNzg3NDE5OX0vcGlwZWxpbmVzIiwiaWF0IjoxNTUwNjg3MDA5LCJxc2giOiJkOWY5ZTU1YzAxNzAxMTJlMWFmMzY2MDdlOWE3NzY5MmU0OTc5Zjk0NTdmMjE3MDY2ZTlkMjlkNmY5NjBjMmViIiwiYXVkIjoiYXJpOmNsb3VkOmJpdGJ1Y2tldDo6YXBwL3syMjJlYjE4NS0xOTZkLTQ0Y2YtYmRjYS01ZDg3Mjc4NzQxOTl9L3BpcGVsaW5lcyIsImV4cCI6MTU1MDY4NzMwOX0.Ya9oAK5r_uzPo4TxTXjS9L5Egy8OMzsYWAutA0JawOo
Code: Select all
Always allow document requests from https://bitbucket.org to https://bitbucket-pipelines.prod.public.atl-paas.net
**Correction**: Before that I chose "block" instead of "allow" which is why the popup never showed up again...
Re: noscript is blocking some sites
Posted: Thu Feb 21, 2019 4:40 pm
by barbaz
Thanks for posting that. Unfortunately some parts of that URL do look like syntactically valid Javascript, so I would say using "Always allow" is the answer here.