Unable to process 3D Secure payment as XSS filtered
Posted: Thu Nov 05, 2009 11:20 am
[NoScript XSS] Sanitised suspicious upload to [https://apply2.ucas.com/*****/PaymentSe ... reResponse] from [https://www.secure**********_script.jsp]: transformed into a download-only GET request
As the message flashed up too briefly on the screen, at the top of firefox, I was unable to read it or take action to allow this to go ahead. Not obvious how to allow this valid cross-script to process! (I ended up having to use IE to process my son's university application...)
3D secure is increasingly used on UK websites. How do you allow this script to be processed? Can it be added to a whitelist manually? It will always be the merchant's site at the top of the page, but you get transferred to the bank for card authorisation.
Please email me if you need the full links.
As the message flashed up too briefly on the screen, at the top of firefox, I was unable to read it or take action to allow this to go ahead. Not obvious how to allow this valid cross-script to process! (I ended up having to use IE to process my son's university application...)
3D secure is increasingly used on UK websites. How do you allow this script to be processed? Can it be added to a whitelist manually? It will always be the merchant's site at the top of the page, but you get transferred to the bank for card authorisation.
Please email me if you need the full links.