Excessive Cross-scripting warnings

edgracely

Excessive Cross-scripting warnings

Post by edgracely » Sat Jul 13, 2019 3:08 pm

Until a few months ago, the XSS (Cross-scripting attack) warnings were rare and I could easily just accept the block. Now I get them multiple times a day on a wide variety of normal, safe, web sites.

I don't know when I can safely allow the XSS, so I usually block it.

But it is frustrating how often the warnings occur. Is it possible that NoScript has gotten a bit too sensitive to this? I don't want to turn it off, but is there a way for NoScript to help avoid attacks without warning of every trivial feature that might possibly, rarely, be used as an attack?

Are others finding the same thing?

I *could* always allow or always block -- but that makes me nervous. Always allow could be a problem if one time there is a real attack. Always block can be a problem because occasionally XSS is part of site functionality.

Thoughts?

Ed
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

barbaz
Senior Member
Posts: 9173
Joined: Sat Aug 03, 2013 5:45 pm

Re: Excessive Cross-scripting warnings

Post by barbaz » Sat Jul 13, 2019 3:54 pm

Could you please copy the message from these XSS warning dialogs and post it here?
*Always* check the changelogs BEFORE updating that important software!

edgracely

Re: Excessive Cross-scripting warnings

Post by edgracely » Sun Jul 14, 2019 9:26 pm

NoScript detected a potential Cross-Site Scripting attack

from https://accountonline.citi.com to https://stags.bluekai.com.

Suspicious data:

Error: Exceeded 20000ms timeout,(URL) https://stags.bluekai.com/site/63068?ret=html&phint=language&phint=product&phint=event&phint=category&phint=page&phint=section1&phint=section2&phint=section3&phint=section4&phint=productID&phint=__bk_t=Citi® Credit Cards - Login | Secure Sign-on&phint=__bk_k=&phint=__bk_l=https://accountonline.citi.com/cards/svc/LoginGet.do&limit=10&r=24413764
Last edited by barbaz on Sun Jul 14, 2019 10:13 pm, edited 1 time in total.
Reason: wrap warning message in code tags
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

edgracely

Re: Excessive Cross-scripting warnings

Post by edgracely » Sun Jul 14, 2019 9:35 pm

And many more. I was visiting the Citi card site -- must have had 10 XSS warnings.

Here is the first part of another one:

NoScript detected a potential Cross-Site Scripting attack

from https://6269322.fls.doubleclick.net to https://adservice.google.com.

Suspicious data:

(URL) https://adservice.google.com/ddm/fls/i/src=6269322;type=newbank;cat=undefined;u1=undefined;u2=Account

Do these actually help tell why I'm getting them?

Ed
Last edited by barbaz on Sun Jul 14, 2019 10:14 pm, edited 1 time in total.
Reason: wrap warning message in code tags
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0

barbaz
Senior Member
Posts: 9173
Joined: Sat Aug 03, 2013 5:45 pm

Re: Excessive Cross-scripting warnings

Post by barbaz » Sun Jul 14, 2019 10:13 pm

bluekai is a tracker, and your second XSS warning is a false positive caused by an ad.

You might consider using something like uBlock Origin to just block this stuff.
*Always* check the changelogs BEFORE updating that important software!

GreenReaper
Posts: 6
Joined: Tue Aug 08, 2017 5:22 pm

Re: Excessive Cross-scripting warnings

Post by GreenReaper » Mon Jul 15, 2019 1:01 pm

The 20000ms warnings are a serious annoyance, though. I have a slow netbook from 2011 and I get them frequently when a page is loading up, for otherwise acceptable requests. It seems like they've been popped up simply because they are slow, which to me doesn't deserve an alert (or any response). Is this timeout configurable? Is the warning even coming from NoScript, or elsewhere?
Laurence "GreenReaper" Parry
https://greenreaper.co.uk - https://wikifur.com/ - https://www.flayrah.com/ - https://inkbunny.net/ - https://yerf.metafur.org/
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0
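
A small triage helper for dialogs like the two quoted in this thread, added here as an example; it is not NoScript's code, not from any poster, and does not reproduce NoScript's detection logic. It only reads the dialog text, assumes the layout seen above, and the names `parse_warning` and `summarize` are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: the two dialogs quoted in this thread, first query string shortened.
SAMPLES = [
    """NoScript detected a potential Cross-Site Scripting attack

from https://accountonline.citi.com to https://stags.bluekai.com.

Suspicious data:

Error: Exceeded 20000ms timeout,(URL) https://stags.bluekai.com/site/63068?ret=html&phint=__bk_t=Citi® Credit Cards - Login | Secure Sign-on&phint=__bk_l=https://accountonline.citi.com/cards/svc/LoginGet.do&limit=10&r=24413764""",
    """NoScript detected a potential Cross-Site Scripting attack

from https://6269322.fls.doubleclick.net to https://adservice.google.com.

Suspicious data:

(URL) https://adservice.google.com/ddm/fls/i/src=6269322;type=newbank;cat=undefined;u1=undefined;u2=Account""",
]

def parse_warning(text):
    """Split one dialog into origins, timeout value and the flagged request."""
    m = re.search(r"^from\s+(\S+)\s+to\s+(\S+)", text, re.M)
    if not m:
        raise ValueError("not a NoScript XSS warning")
    data = text.split("Suspicious data:", 1)[-1].strip()
    timeout = re.search(r"Exceeded (\d+)ms timeout", data)
    url = re.search(r"\(URL\)\s*(\S.*)", data)
    parts = urlsplit(url.group(1)) if url else None
    # Values that embed a full URL show what the page passed to the third party.
    embedded = [v for _, v in parse_qsl(parts.query) if "://" in v] if parts else []
    return {
        "source": m.group(1),
        "destination": m.group(2).rstrip("."),
        "timeout_ms": int(timeout.group(1)) if timeout else None,
        "request_host": parts.hostname if parts else None,
        "embedded_urls": embedded,
    }

def summarize(texts):
    """Count warnings per destination and how many were timeout reports."""
    parsed = [parse_warning(t) for t in texts]
    by_dest = Counter(p["destination"] for p in parsed)
    timeouts = sum(1 for p in parsed if p["timeout_ms"] is not None)
    return by_dest, timeouts
```

Separating the timeout reports from the rest makes it easier to see which dialogs fall into the slow-request case raised in the last post and which destinations account for most of the prompts.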
