
XSS warning breaks shopping process!

Posted: Mon Nov 02, 2009 8:49 am
by stb
Hi,

I have a website with a shop. The site does not use JavaScript at all. The shop (https) has some encrypted PayPal form at the last shopping step. The form is a POST to PayPal (https). When a user with NoScript clicks on the submit button, he does not get to the PayPal login page (to finalize the order) but to the PayPal main page! There is a small warning at the top of the page (NoScript info bar) scaring users.

Re: XSS warning breaks shopping process!

Posted: Mon Nov 02, 2009 9:14 am
by Giorgio Maone
If they've got your website in their whitelist, this won't happen.
However, an easy way to work around it, even for those who don't whitelist you, is turning the POST into a GET (that's what I did with the "Donate" buttons on http://noscript.net and http://flashgot.net).